Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143561] New: VUL-0: CVE-2019-14442: libav: an input file can result in infinite loop and hang, with 100% CPU consumption leading to DOS
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 31 Jul 2019 08:08:03 +0000
  • Message-id: <bug-1143561-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143561


Bug ID: 1143561
Summary: VUL-0: CVE-2019-14442: libav: an input file can result
in infinite loop and hang, with 100% CPU consumption
leading to DOS
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/238327/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: alarrosa@xxxxxxxx
Reporter: atoptsoglou@xxxxxxxx
QA Contact: security-team@xxxxxxx
Found By: Security Response Team
Blocker: ---

CVE-2019-14442

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can
result in an avio_seek infinite loop and hang, with 100% CPU consumption.
Attackers could leverage this vulnerability to cause a denial of service via a
crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14442
https://bugzilla.libav.org/show_bug.cgi?id=1159

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >