Skip to main content

Out-of-bounds Read

CVE-2018-1999010

Severity High
Score 9.8/10

Summary

FFmpeg before 2.8.15, 2.9-dev before 3.0.12, 3.1-dev before 3.2.11, 3.3-dev before 3.3.8, 3.4-dev before 3.4.3, 3.5-dev before 4.0.2, and 4.1-dev contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

Advisory Timeline

  • Published