Vulnerability-Lookup

CVE-2019-12730 (GCVE-0-2019-12730)

Vulnerability from cvelistv5 – Published: 2019-06-04 13:14 – Updated: 2024-08-04 23:32

Summary

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-QVCR-P33X-3V45

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-05-24 22:00

Details

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-12730"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-04T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.",
  "id": "GHSA-qvcr-p33x-3v45",
  "modified": "2022-05-24T22:00:04Z",
  "published": "2022-05-24T22:00:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b"
    },
    {
      "type": "WEB",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2"
    },
    {
      "type": "WEB",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/30"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-65"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4431-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4502"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2019-12730

Vulnerability from fkie_nvd - Published: 2019-06-04 14:29 - Updated: 2024-11-21 04:23

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/109317
cve@mitre.org	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2
cve@mitre.org	https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
cve@mitre.org	https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b	Patch, Third Party Advisory
cve@mitre.org	https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40	Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Aug/30
cve@mitre.org	https://security.gentoo.org/glsa/202003-65
cve@mitre.org	https://usn.ubuntu.com/4431-1/
cve@mitre.org	https://www.debian.org/security/2019/dsa-4502
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/109317
af854a3a-2127-422b-91ae-364da2661108	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2
af854a3a-2127-422b-91ae-364da2661108	https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/30
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-65
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4431-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4502

Impacted products

	Vendor	Product	Version
	ffmpeg	ffmpeg	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EFEC1B-1E68-4F76-9B3D-03FDE70505C5",
              "versionEndExcluding": "3.2.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables."
    },
    {
      "lang": "es",
      "value": "aa_read_header en libavformat / aadec.c en FFmpeg en versiones anteriores a la 3.2.14 y versi\u00f3n 4.x versiones anteriores a la 4.1.4 no verifica el error de sscanf y, por lo tanto, permite el uso de variables sin inicializar."
    }
  ],
  "id": "CVE-2019-12730",
  "lastModified": "2024-11-21T04:23:27.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-04T14:29:01.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/109317"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://seclists.org/bugtraq/2019/Aug/30"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202003-65"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4431-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2019/dsa-4502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/109317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Aug/30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202003-65"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4431-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4502"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-12730

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

Aliases

CVE-2019-12730

Aliases

CVE-2019-12730

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-12730",
    "description": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.",
    "id": "GSD-2019-12730",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-12730.html",
      "https://www.debian.org/security/2019/dsa-4502",
      "https://ubuntu.com/security/CVE-2019-12730"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-12730"
      ],
      "details": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.",
      "id": "GSD-2019-12730",
      "modified": "2023-12-13T01:23:44.140735Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-12730",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b",
            "refsource": "MISC",
            "url": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b"
          },
          {
            "name": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40",
            "refsource": "MISC",
            "url": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40"
          },
          {
            "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4",
            "refsource": "CONFIRM",
            "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4"
          },
          {
            "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2",
            "refsource": "CONFIRM",
            "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2"
          },
          {
            "name": "109317",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/109317"
          },
          {
            "name": "20190816 [SECURITY] [DSA 4502-1] ffmpeg security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Aug/30"
          },
          {
            "name": "DSA-4502",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4502"
          },
          {
            "name": "GLSA-202003-65",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-65"
          },
          {
            "name": "USN-4431-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4431-1/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12730"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-908"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40"
            },
            {
              "name": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b"
            },
            {
              "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2"
            },
            {
              "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4"
            },
            {
              "name": "109317",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/109317"
            },
            {
              "name": "20190816 [SECURITY] [DSA 4502-1] ffmpeg security update",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "https://seclists.org/bugtraq/2019/Aug/30"
            },
            {
              "name": "DSA-4502",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2019/dsa-4502"
            },
            {
              "name": "GLSA-202003-65",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202003-65"
            },
            {
              "name": "USN-4431-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/4431-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-06-04T14:29Z"
    }
  }
}

CNVD-2019-22626

Vulnerability from cnvd - Published: 2019-07-15

Title

FFmpeg未初始化变量使用漏洞

Description

FFmpeg是一套可以用来记录、转换数字音频、视频，并能将其转化为流的开源计算机程序，采用LGPL或GPL许可证。 FFmpeg 3.2.14之前版本存在未初始化变量使用漏洞。该漏洞源于FFmpeg中的libavformat/aadec.c中的aa_read_header不检查sscanf失败。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

FFmpeg未初始化变量使用漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-12730

Impacted products

Name
FFmpeg FFmpeg <3.2.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12730"
    }
  },
  "description": "FFmpeg\u662f\u4e00\u5957\u53ef\u4ee5\u7528\u6765\u8bb0\u5f55\u3001\u8f6c\u6362\u6570\u5b57\u97f3\u9891\u3001\u89c6\u9891\uff0c\u5e76\u80fd\u5c06\u5176\u8f6c\u5316\u4e3a\u6d41\u7684\u5f00\u6e90\u8ba1\u7b97\u673a\u7a0b\u5e8f\uff0c\u91c7\u7528LGPL\u6216GPL\u8bb8\u53ef\u8bc1\u3002\n\nFFmpeg 3.2.14\u4e4b\u524d\u7248\u672c\u5b58\u5728\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eFFmpeg\u4e2d\u7684libavformat/aadec.c\u4e2d\u7684aa_read_header\u4e0d\u68c0\u67e5sscanf\u5931\u8d25\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "discovererName": "Michael Niedermayer",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-22626",
  "openTime": "2019-07-15",
  "patchDescription": "FFmpeg\u662f\u4e00\u5957\u53ef\u4ee5\u7528\u6765\u8bb0\u5f55\u3001\u8f6c\u6362\u6570\u5b57\u97f3\u9891\u3001\u89c6\u9891\uff0c\u5e76\u80fd\u5c06\u5176\u8f6c\u5316\u4e3a\u6d41\u7684\u5f00\u6e90\u8ba1\u7b97\u673a\u7a0b\u5e8f\uff0c\u91c7\u7528LGPL\u6216GPL\u8bb8\u53ef\u8bc1\u3002\r\n\r\nFFmpeg 3.2.14\u4e4b\u524d\u7248\u672c\u5b58\u5728\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eFFmpeg\u4e2d\u7684libavformat/aadec.c\u4e2d\u7684aa_read_header\u4e0d\u68c0\u67e5sscanf\u5931\u8d25\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FFmpeg\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "FFmpeg FFmpeg \u003c3.2.14"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-05",
  "title": "FFmpeg\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e"
}

cleanstart-2026-xe32069

Vulnerability from cleanstart

Published

2026-02-06 01:10

Modified

2026-02-03 13:35

Summary

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...

Details

Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "ffmpeg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-XE32069",
  "modified": "2026-02-03T13:35:45Z",
  "published": "2026-02-06T01:10:32.733224Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XE32069.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-14058"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-14225"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-10001"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-12458"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-12459"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-12460"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13300"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13301"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13302"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13303"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13304"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-13305"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-14394"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-14395"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-15822"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999010"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999011"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999012"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999013"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999014"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1999015"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-6912"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-7557"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-7751"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-7757"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-9841"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-1000016"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-11338"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-11339"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-12730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-17539"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-17542"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-9718"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-9721"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-12284"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-13904"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14212"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-20446"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-20450"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-20453"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-21041"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22015"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22019"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22021"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22037"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22038"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-22042"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-24020"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-35964"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-35965"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-30123"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-33815"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-38114"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-38171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-38291"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3965"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-46407"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-47342"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-47470"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
  "upstream": [
    "CVE-2017-14058",
    "CVE-2017-14225",
    "CVE-2018-10001",
    "CVE-2018-12458",
    "CVE-2018-12459",
    "CVE-2018-12460",
    "CVE-2018-13300",
    "CVE-2018-13301",
    "CVE-2018-13302",
    "CVE-2018-13303",
    "CVE-2018-13304",
    "CVE-2018-13305",
    "CVE-2018-14394",
    "CVE-2018-14395",
    "CVE-2018-15822",
    "CVE-2018-1999010",
    "CVE-2018-1999011",
    "CVE-2018-1999012",
    "CVE-2018-1999013",
    "CVE-2018-1999014",
    "CVE-2018-1999015",
    "CVE-2018-6912",
    "CVE-2018-7557",
    "CVE-2018-7751",
    "CVE-2018-7757",
    "CVE-2018-9841",
    "CVE-2019-1000016",
    "CVE-2019-11338",
    "CVE-2019-11339",
    "CVE-2019-12730",
    "CVE-2019-17539",
    "CVE-2019-17542",
    "CVE-2019-9718",
    "CVE-2019-9721",
    "CVE-2020-12284",
    "CVE-2020-13904",
    "CVE-2020-14212",
    "CVE-2020-20446",
    "CVE-2020-20450",
    "CVE-2020-20453",
    "CVE-2020-21041",
    "CVE-2020-22015",
    "CVE-2020-22019",
    "CVE-2020-22021",
    "CVE-2020-22037",
    "CVE-2020-22038",
    "CVE-2020-22042",
    "CVE-2020-24020",
    "CVE-2020-35964",
    "CVE-2020-35965",
    "CVE-2021-30123",
    "CVE-2021-33815",
    "CVE-2021-38114",
    "CVE-2021-38171",
    "CVE-2021-38291",
    "CVE-2022-3965",
    "CVE-2023-46407",
    "CVE-2023-47342",
    "CVE-2023-47470"
  ]
}

CVE-2019-12730

Vulnerability from fstec - Published: 16.07.2019

Title

Уязвимость библиотеки libavformat мультимедийной среды Ffmpeg, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании

Description

Уязвимость библиотеки libavformat мультимедийной среды Ffmpeg связана с отсутствием проверки возвращаемого значения функцией sscanf, что может привести к использованию неинициализированных переменных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., FFmpeg team, АО "НППКТ"

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for additional PackageHub, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Workstation Extension, FFmpeg, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for additional PackageHub), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 8 (Debian GNU/Linux), до 3.2.14 (FFmpeg), до 2.5 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для FFmpeg: Обновление программного обеспечения до 7:4.1.4-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета ffmpeg) до 7:3.2.14-1~deb9u1 или более поздней версии Для программных продуктов Novell Inc.: https://suse.com/security/cve/CVE-2019-12730/ Для ОСОН Основа: Обновление программного обеспечения ffmpeg до версии 7:4.3.3-0+deb11u1osnova1 Для Astra Linux Special Edition 1.6 «Смоленск»:: обновить пакет ffmpeg до 7:3.2.19-0+deb9u3+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-12730 https://security-tracker.debian.org/tracker/CVE-2019-12730 https://www.debian.org/security/2019/dsa-4502 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16

CWE

CWE-665

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., FFmpeg team, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for additional PackageHub), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 8 (Debian GNU/Linux), \u0434\u043e 3.2.14 (FFmpeg), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f FFmpeg:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 7:4.1.4-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\n\n\u0414\u043b\u044f Debian:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 ffmpeg) \u0434\u043e 7:3.2.14-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://suse.com/security/cve/CVE-2019-12730/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ffmpeg \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7:4.3.3-0+deb11u1osnova1\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.19-0+deb9u3+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.07.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.10.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03593",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-12730",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for additional PackageHub, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Workstation Extension, FFmpeg, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libavformat \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b Ffmpeg, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f (CWE-665)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libavformat \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b Ffmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u043c\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 sscanf, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730\nhttps://security-tracker.debian.org/tracker/CVE-2019-12730\nhttps://www.debian.org/security/2019/dsa-4502\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-665",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-12730 (GCVE-0-2019-12730)

GHSA-QVCR-P33X-3V45

FKIE_CVE-2019-12730

GSD-2019-12730

CNVD-2019-22626

cleanstart-2026-xe32069

Vulnerability from cleanstart

CVE-2019-12730

Tags

Sightings

Nomenclature