{"api_version":"1","generated_at":"2026-05-05T14:19:08+00:00","cve":"CVE-2018-1999014","urls":{"html":"https://cve.report/CVE-2018-1999014","api":"https://cve.report/api/cve/CVE-2018-1999014.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1999014","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"},"summary":{"title":"CVE-2018-1999014","description":"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-07-23 15:29:00","updated_at":"2018-09-19 17:56:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104896","name":"104896","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"FFmpeg Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75","name":"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"avformat/mxfdec: Fix av_log context · FFmpeg/FFmpeg@bab0716 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1999014","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999014","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1999014","vulnerable":"1","versionEndIncluding":"4.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ffmpeg","cpe5":"ffmpeg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-1999014","qid":"500902","title":"Alpine Linux Security Update for ffmpeg"},{"cve":"CVE-2018-1999014","qid":"502272","title":"Alpine Linux Security Update for ffmpeg4"},{"cve":"CVE-2018-1999014","qid":"504745","title":"Alpine Linux Security Update for ffmpeg"},{"cve":"CVE-2018-1999014","qid":"504763","title":"Alpine Linux Security Update for ffmpeg4"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2018-07-20T20:44:32.980405","DATE_REQUESTED":"2018-07-13T16:17:24","ID":"CVE-2018-1999014","REQUESTER":"paulcher@icloud.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"104896","refsource":"BID","url":"http://www.securityfocus.com/bid/104896"},{"name":"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75","refsource":"CONFIRM","url":"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"}]}},"nvd":{"publishedDate":"2018-07-23 15:29:00","lastModifiedDate":"2018-09-19 17:56:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1999014","Ordinal":"131243","Title":"CVE-2018-1999014","CVE":"CVE-2018-1999014","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1999014","Ordinal":"1","NoteData":"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1999014","Ordinal":"2","NoteData":"2018-07-23","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1999014","Ordinal":"3","NoteData":"2018-07-27","Type":"Other","Title":"Modified"}]}}}