SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2018-15822

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

https://seclists.org/bugtraq/2019/May/60

DSA-4449

USN-3967-1

USN-4431-1

https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html

https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10

https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92


30479



423868



248392



909



195452



282