FFmpeg aa_read_header Uninitialized Variables Vulnerability

By GIXnews


A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to improper handling of uninitialized variables in the aa_read_header function, which is defined in the libavformat/aadec.c source code file of the affected software. An attacker could exploit this vulnerability by submitting a crafted file to the targeted system. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.
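A simplified illustration of the uninitialized-variable bug class described above, in a header-field parser, next to a hardened form. This is an added example, not FFmpeg's aa_read_header code; the function names, the four-value field and the STALE marker are assumptions made for the demonstration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_PARTS 4
#define STALE 0xDEADBEEFu /* constructed stand-in for leftover stack bytes */

/* Vulnerable pattern: the conversion count from sscanf() is ignored, so a
 * short field leaves the remaining slots holding whatever was there before. */
static void parse_unchecked(const char *val, uint32_t part[KEY_PARTS])
{
    sscanf(val, "%" SCNu32 "%" SCNu32 "%" SCNu32 "%" SCNu32,
           &part[0], &part[1], &part[2], &part[3]);
}

/* Hardened pattern: clear the destination, then reject the input unless
 * every expected value was converted. Returns 0 on success, -1 otherwise. */
static int parse_checked(const char *val, uint32_t part[KEY_PARTS])
{
    for (int i = 0; i < KEY_PARTS; i++)
        part[i] = 0;
    int n = sscanf(val, "%" SCNu32 "%" SCNu32 "%" SCNu32 "%" SCNu32,
                   &part[0], &part[1], &part[2], &part[3]);
    return n == KEY_PARTS ? 0 : -1;
}

/* Count slots still holding stale data after the unchecked parse. The
 * buffer is pre-filled so the demonstration is deterministic. */
static int stale_after_unchecked(const char *val)
{
    uint32_t part[KEY_PARTS] = { STALE, STALE, STALE, STALE };
    int stale = 0;
    parse_unchecked(val, part);
    for (int i = 0; i < KEY_PARTS; i++)
        stale += (part[i] == STALE);
    return stale;
}

int main(void)
{
    uint32_t part[KEY_PARTS];
    printf("unchecked, \"1 2\": %d stale slots\n", stale_after_unchecked("1 2"));
    printf("checked,   \"1 2\": rc=%d\n", parse_checked("1 2", part));
    printf("checked,   \"1 2 3 4\": rc=%d\n", parse_checked("1 2 3 4", part));
    return 0;
}
```

Compiler and runtime checks such as -Wuninitialized and MemorySanitizer help catch this pattern when the buffer really is an uninitialized local.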

FFmpeg has confirmed this vulnerability and released a software patch.

Security Impact Rating: Medium

CVE: CVE-2019-12730

Source: Cisco Multivendor Vulnerability Alerts