Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in ffmpeg-3.3.8-i686-1 |
|Cucumber 1.0 x86_64||fixed in ffmpeg-3.3.8-x86_64-1 and ffmpeg-lib_i686-3.3.8-lib_i686-1 |
|Cucumber 1.1 i686
||fixed in ffmpeg-3.3.8-i686-1 |
|Cucumber 1.1 x86_64
||fixed in ffmpeg-3.3.8-x86_64-1 and ffmpeg-lib_i686-3.3.8-lib_i686-1 |
================================= Our Analysis =================================
----- Affected Products -----
Versions of ffmpeg 3.3.x up to and including 3.3.7 are vulnerable, unless they
have had the patch from
applied. As of this writing (Wed Jul 18 11:29:04 EDT 2018), 3.3.7 is the latest
version of ffmpeg 3.3.x; it is unknown if future versions will be affected.
Ffmpeg as originally packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.
----- Scope and Impact of this Vulnerability -----
Allowed for a denial of service (application crash) or possibly other
unspecified impacts while converting a specially crafted AVI file to MPEG4.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from
================================= Our Solution =================================
We are in the process of applying the aforementioned patch and rebuilding.