{"id":"CVE-2019-11339","details":"The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.","modified":"2026-04-10T04:50:24.672838Z","published":"2019-04-19T00:29:00.293Z","related":["openSUSE-SU-2020:0024-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"},{"type":"WEB","url":"https://usn.ubuntu.com/3967-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108037"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"ace829cb45cff530b8a0aed6adf18f329d7a98f6"},{"fixed":"ee66e04bc9dbbcf95114a103f174ed54b2260758"},{"introduced":"3c1ecb057d7621e57968624aa15ad3e9efc819f7"},{"fixed":"a7cb7a2e4314956e06a351333ff8096fab9afa7f"},{"fixed":"1f686d023b95219db933394a7704ad9aa5f01cbb"},{"fixed":"d227ed5d598340e719eff7156b1aa0a4469e9a6a"}],"database_specific":{"versions":[{"introduced":"4.0"},{"fixed":"4.0.4"},{"introduced":"4.1"},{"fixed":"4.1.2"}]}}],"versions":["n4.0","n4.0.1","n4.0.2","n4.0.3","n4.1","n4.1-dev","n4.1.1","n4.2-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11339.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["294836802028254104437015519727142575903","329944762376806700361291339240494798822","320298714614336043866888945378643631563","59044922675942639841070301700479117755"]},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb","deprecated":false,"id":"CVE-2019-11339-aa5b60c2","signature_type":"Line","target":{"file":"libavcodec/mpeg4videodec.c"}},{"digest":{"length":1782,"function_hash":"312495717718519555182595270957768899859"},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb","deprecated":false,"id":"CVE-2019-11339-b21214eb","signature_type":"Function","target":{"function":"decode_studio_vop_header","file":"libavcodec/mpeg4videodec.c"}}],"vanir_signatures_modified":"2026-04-10T04:50:24Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}