CVE-2019-17539

Published: 14 October 2019

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: ffmpeg (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable (7:4.2.1-2)
Ubuntu 18.04 LTS (Bionic Beaver)   Released (7:3.4.8-0ubuntu0.2)
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist

Patches:
Upstream: https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c

Package: libav (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 20.04 LTS (Focal Fossa)     Does not exist
Ubuntu 18.04 LTS (Bionic Beaver)   Does not exist
Ubuntu 16.04 ESM (Xenial Xerus)    Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist

Notes

Author: ebarretto
Note: This issue was caused by b1febda0619. The above commit was never integrated into 2.8.x, but for 3.4 it was both integrated and fixed in 3.4.7, so leaving the bionic version marked as needed.
