Home > Vulnerability Database > CVE-2019-1000016

Mend.io Vulnerability Database

CVE-2019-1000016

Good to know:

Date: February 4, 2019

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.

Language: C

Severity Score

6.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-1000016

Url: https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1000016

Url: https://security-tracker.debian.org/tracker/CVE-2019-1000016

Url: https://security.alpinelinux.org/vuln/CVE-2019-1000016

Url: https://www.mend.io/vulnerability-database/CVE-2019-1000016

Severity Score

6.5

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

Top Fix

Upgrade Version

Upgrade to version n4.1.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-1000016

Good to know:

Date: February 4, 2019

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?