libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.2"
},
{
"last_affected": "3.2"
},
{
"introduced": "4.0"
},
{
"last_affected": "4.0"
}
]
}{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.2"
},
{
"last_affected": "3.2"
},
{
"introduced": "4.0"
},
{
"last_affected": "4.0"
}
]
}"2026-07-08T17:15:32Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14395.json"
[
{
"id": "CVE-2018-14395-81cf19f1",
"digest": {
"function_hash": "102827977244515592418039999533830258363",
"length": 4429.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ffmpeg/ffmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582",
"deprecated": false,
"target": {
"function": "mov_write_audio_tag",
"file": "libavformat/movenc.c"
}
},
{
"id": "CVE-2018-14395-c30bc0a5",
"digest": {
"function_hash": "44736351853163418595392144319364648043",
"length": 3886.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ffmpeg/ffmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5",
"deprecated": false,
"target": {
"function": "mov_write_audio_tag",
"file": "libavformat/movenc.c"
}
},
{
"id": "CVE-2018-14395-efe74b9b",
"digest": {
"line_hashes": [
"88413214916599869005262271461099492956",
"99490026392498700389421665331387618439",
"22818687448778883533567042380121543425",
"148013509794614994762799630272833705423"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ffmpeg/ffmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582",
"deprecated": false,
"target": {
"file": "libavformat/movenc.c"
}
},
{
"id": "CVE-2018-14395-f544f8fd",
"digest": {
"line_hashes": [
"88413214916599869005262271461099492956",
"99490026392498700389421665331387618439",
"22818687448778883533567042380121543425",
"148013509794614994762799630272833705423"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ffmpeg/ffmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5",
"deprecated": false,
"target": {
"file": "libavformat/movenc.c"
}
}
]