Wind River Support Network

HomeDefectsLIN9-7134

Fixed

LIN9-7134 : Security Advisory - ffmpeg - CVE-2018-13301

Created: Jul 15, 2018 Updated: Dec 3, 2018

Resolved Date: Jul 24, 2018

Found In Version: 9.0.0.16

Fix Version: 9.0.0.17

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

https://nvd.nist.gov/vuln/detail/CVE-2018-13301

Other Downloads

Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2018-13301