ID de Prueba:	1.3.6.1.4.1.25623.1.0.113356
Categoría:	Denial of Service
Título:	FFmpeg <= 4.1 Multiple Vulnerabilities
Resumen:	FFmpeg is prone to multiple vulnerabilities.
Descripción:	Summary: FFmpeg is prone to multiple vulnerabilities. Vulnerability Insight: A vulnerability in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format: - because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf - because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf Vulnerability Impact: Successful exploitation would allow an attacker to exhaust the target system's CPU resources. Affected Software/OS: FFmpeg through version 4.1.0. Solution: Update to version 4.1.1. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9718 BugTraq ID: 107382 http://www.securityfocus.com/bid/107382 Bugtraq: 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update (Google Search) https://seclists.org/bugtraq/2019/May/60 Debian Security Information: DSA-4449 (Google Search) https://www.debian.org/security/2019/dsa-4449 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 https://usn.ubuntu.com/3967-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9721 BugTraq ID: 107384 http://www.securityfocus.com/bid/107384 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.