CVE-2018-13302

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3FRAMETYPEINDEPENDENT) that have multiple independent substreams in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

Last affected

e049f7c24fc6aa5fc925f860e2ad940a75cfd84f

Fixed

ed22dc22216f74c75ee7901f82649e1ff725ba50

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.1"
        }
    ]
}

Affected versions

Other

ffmpeg-0.*

ffmpeg-0.6.3

n0.*

n0.10

n0.10.1

n0.10.10

n0.10.11

n0.10.12

n0.10.13

n0.10.14

n0.10.15

n0.10.16

n0.10.2

n0.10.3

n0.10.4

n0.10.5

n0.10.6

n0.10.7

n0.10.8

n0.10.9

n0.11

n0.11-dev

n0.11.1

n0.11.2

n0.11.3

n0.11.4

n0.11.5

n0.12-dev

n0.5.10

n0.5.11

n0.5.12

n0.5.13

n0.5.14

n0.5.15

n0.5.5

n0.5.6

n0.5.7

n0.5.8

n0.5.9

n0.6.4

n0.6.5

n0.6.6

n0.6.7

n0.7.1

n0.7.10

n0.7.11

n0.7.12

n0.7.13

n0.7.14

n0.7.15

n0.7.16

n0.7.17

n0.7.2

n0.7.3

n0.7.4

n0.7.5

n0.7.6

n0.7.7

n0.7.8

n0.7.9

n0.8

n0.8.1

n0.8.10

n0.8.11

n0.8.12

n0.8.13

n0.8.14

n0.8.15

n0.8.2

n0.8.3

n0.8.4

n0.8.5

n0.8.6

n0.8.7

n0.8.8

n0.8.9

n0.9

n0.9.1

n0.9.2

n0.9.3

n0.9.4

n1.*

n1.0

n1.0.1

n1.0.10

n1.0.2

n1.0.3

n1.0.4

n1.0.5

n1.0.6

n1.0.7

n1.0.8

n1.0.9

n1.1

n1.1-dev

n1.1.1

n1.1.10

n1.1.11

n1.1.12

n1.1.13

n1.1.14

n1.1.15

n1.1.16

n1.1.2

n1.1.3

n1.1.4

n1.1.5

n1.1.6

n1.1.7

n1.1.8

n1.1.9

n1.2

n1.2-dev

n1.2.1

n1.2.10

n1.2.11

n1.2.12

n1.2.2

n1.2.3

n1.2.4

n1.2.5

n1.2.6

n1.2.7

n1.2.8

n1.2.9

n1.3-dev

n2.*

n2.0

n2.0.1

n2.0.2

n2.0.3

n2.0.4

n2.0.5

n2.0.6

n2.0.7

n2.1

n2.1-dev

n2.1.1

n2.1.2

n2.1.3

n2.1.4

n2.1.5

n2.1.6

n2.1.7

n2.1.8

n2.2

n2.2-dev

n2.2-rc1

n2.2-rc2

n2.2.1

n2.2.10

n2.2.11

n2.2.12

n2.2.13

n2.2.14

n2.2.15

n2.2.16

n2.2.2

n2.2.3

n2.2.4

n2.2.5

n2.2.6

n2.2.7

n2.2.8

n2.2.9

n2.3

n2.3-dev

n2.3.1

n2.3.2

n2.3.3

n2.3.4

n2.3.5

n2.3.6

n2.4

n2.4-dev

n2.4.1

n2.4.10

n2.4.11

n2.4.12

n2.4.13

n2.4.14

n2.4.2

n2.4.3

n2.4.4

n2.4.5

n2.4.6

n2.4.7

n2.4.8

n2.4.9

n2.5

n2.5-dev

n2.5.1

n2.5.10

n2.5.11

n2.5.2

n2.5.3

n2.5.4

n2.5.5

n2.5.6

n2.5.7

n2.5.8

n2.5.9

n2.6

n2.6-dev

n2.6.1

n2.6.2

n2.6.3

n2.6.4

n2.6.5

n2.6.6

n2.6.7

n2.6.8

n2.6.9

n2.7

n2.7-dev

n2.7.1

n2.7.2

n2.7.3

n2.7.4

n2.7.5

n2.7.6

n2.7.7

n2.8

n2.8-dev

n2.8.1

n2.8.10

n2.8.11

n2.8.12

n2.8.13

n2.8.14

n2.8.15

n2.8.16

n2.8.17

n2.8.18

n2.8.19

n2.8.2

n2.8.20

n2.8.21

n2.8.22

n2.8.3

n2.8.4

n2.8.5

n2.8.6

n2.8.7

n2.8.8

n2.8.9

n2.9-dev

n3.*

n3.0

n3.0.1

n3.0.10

n3.0.11

n3.0.12

n3.0.2

n3.0.3

n3.0.4

n3.0.5

n3.0.6

n3.0.7

n3.0.8

n3.0.9

n3.1

n3.1-dev

n3.1.1

n3.1.10

n3.1.11

n3.1.2

n3.1.3

n3.1.4

n3.1.5

n3.1.6

n3.1.7

n3.1.8

n3.1.9

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.11

n3.2.12

n3.2.13

n3.2.14

n3.2.15

n3.2.16

n3.2.17

n3.2.18

n3.2.19

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.3.3

n3.3.4

n3.3.5

n3.3.6

n3.3.7

n3.3.8

n3.3.9

n3.4

n3.4-dev

n3.4.1

n3.4.10

n3.4.11

n3.4.12

n3.4.13

n3.4.14

n3.4.2

n3.4.3

n3.4.4

n3.4.5

n3.4.6

n3.4.7

n3.4.8

n3.4.9

n3.5-dev

n4.*

n4.0

n4.0.1

n4.1-dev

v0.*

v0.5

v0.5.1

v0.5.2

v0.5.3

v0.6

v0.6.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13302.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "libavformat/movenc.c"
        },
        "digest": {
            "line_hashes": [
                "286508999898400854302705314410765316288",
                "81644518206851779125641955481146798733",
                "332215570920771589035891503880872297760",
                "20705562946418924332825077821195324035"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-13302-02f653e7",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "handle_eac3",
            "file": "libavformat/movenc.c"
        },
        "digest": {
            "function_hash": "74160251388579419138517678707062812479",
            "length": 3196.0
        },
        "id": "CVE-2018-13302-886e5c21",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50",
        "signature_version": "v1"
    }
]