UBUNTU-CVE-2019-9719

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-9719

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-9719

Withdrawn

2025-06-23T15:53:21Z

Published

2019-09-19T21:15:00Z

Modified

2019-09-19T21:15:00Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided.

References

Affected packages

Ubuntu:20.04:LTS

gst-libav1.0

Package

Name: gst-libav1.0
Purl: pkg:deb/ubuntu/gst-libav1.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.16.1-1

1.16.2-1

1.16.2-2

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1

5.12.4+dfsg-1ubuntu3

5.12.5+dfsg-3ubuntu1

5.12.5+dfsg-6ubuntu2

5.12.5+dfsg-7

5.12.5+dfsg-7build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu1.1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

vice

Package

Name: vice
Purl: pkg:deb/ubuntu/vice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.0.dfsg-2build1

3.4.0.dfsg-1

3.4.0.dfsg-1build1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

Ubuntu:22.04:LTS

gst-libav1.0

Package

Name: gst-libav1.0
Purl: pkg:deb/ubuntu/gst-libav1.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.5-1

1.20.0-1

1.20.1-1

1.20.3-0ubuntu1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1

5.15.6+dfsg-2

5.15.7+dfsg-2

5.15.8+dfsg-1

5.15.8+dfsg-1build1

5.15.8+dfsg-1build2

5.15.8+dfsg-2

5.15.9+dfsg-1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

vice

Package

Name: vice
Purl: pkg:deb/ubuntu/vice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.0.dfsg-3

3.5.0.dfsg-4

3.6.0.dfsg-1

3.6.1+dfsg-1

3.6.1+dfsg-2

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

Ubuntu:24.04:LTS

gst-libav1.0

Package

Name: gst-libav1.0
Purl: pkg:deb/ubuntu/gst-libav1.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.5-1

1.22.6-1

1.22.7-1

1.22.8-1

1.22.10-1

1.24.1-1

1.24.1-1build1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2

5.15.15+dfsg-2build2

5.15.15+dfsg-2ubuntu1

5.15.16+dfsg-1

5.15.16+dfsg-1ubuntu2

5.15.16+dfsg-1ubuntu4

5.15.16+dfsg-3

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

vice

Package

Name: vice
Purl: pkg:deb/ubuntu/vice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.1+dfsg1-2

3.7.1+dfsg1-2build2

3.7.1+dfsg1-2build3

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

Ubuntu:Pro:16.04:LTS

gst-libav1.0

Package

Name: gst-libav1.0
Purl: pkg:deb/ubuntu/gst-libav1.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-1

1.6.0-2

1.6.1-1

1.6.2-1

1.7.1-1

1.7.2-1

1.7.90-1

1.8.0-1

1.8.1-1~ubuntu1

1.8.2-1~ubuntu1

1.8.3-1ubuntu0.1

1.8.3-1ubuntu0.2

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

vice

Package

Name: vice
Purl: pkg:deb/ubuntu/vice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.dfsg+2.4.20-1

2.4.dfsg+2.4.25-1ubuntu1

2.4.dfsg+2.4.25-2

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

Ubuntu:Pro:18.04:LTS

gst-libav1.0

Package

Name: gst-libav1.0
Purl: pkg:deb/ubuntu/gst-libav1.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.2-1

1.12.3-1

1.12.4-1

1.13.91-1

1.14.0-1

1.14.1-1~ubuntu18.04.1

1.14.4-0ubuntu1~ubuntu18.04.1

1.14.5-0ubuntu1~18.04.1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-4

5.9.1+dfsg-4ubuntu1

5.9.2+dfsg-2ubuntu1

5.9.3+dfsg-0ubuntu1

5.9.4+dfsg-0ubuntu1

5.9.5+dfsg-0ubuntu2

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"

vice

Package

Name: vice
Purl: pkg:deb/ubuntu/vice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.0.dfsg-1

3.1.0.dfsg1-1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9719.json"