CVE-2019-14442 - In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek in

CVE-2019-14442

Summary

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

References

https://bugzilla.libav.org/show_bug.cgi?id=1159
https://lists.debian.org/debian-lts-announce/2019/09/msg00000.html

Vulnerable Configurations

cpe:2.3:a:libav:libav:12.3:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:12.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 03-03-2023 - 02:49)
Impact:
Exploitability:

CWE

CWE-835

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

misc	https://bugzilla.libav.org/show_bug.cgi?id=1159
mlist	[debian-lts-announce] 20190902 [SECURITY] [DLA 1907-1] libav security update

Last major update

03-03-2023 - 02:49

Published

30-07-2019 - 13:15

Last modified

03-03-2023 - 02:49