Search for vulnerabilities
Vulnerability details: VCID-jkhj-2usb-aaaf
Vulnerability ID VCID-jkhj-2usb-aaaf
Aliases CVE-2019-12730
Summary aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-908 Use of Uninitialized Resource
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12730.html
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.01704 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.03064 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.03064 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.03064 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.03064 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.03916 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.04424 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.05934 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.05934 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
epss 0.05934 https://api.first.org/data/v1/epss?cve=CVE-2019-12730
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15822
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999011
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11338
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12730
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9718
cvssv3 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Medium https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
generic_textual Medium https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12730
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12730
generic_textual Medium https://ubuntu.com/security/notices/USN-4431-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12730.html
https://api.first.org/data/v1/epss?cve=CVE-2019-12730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9718
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40
https://seclists.org/bugtraq/2019/Aug/30
https://security.gentoo.org/glsa/202003-65
https://ubuntu.com/security/notices/USN-4431-1
https://usn.ubuntu.com/4431-1/
https://www.debian.org/security/2019/dsa-4502
http://www.securityfocus.com/bid/109317
932469 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932469
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
CVE-2019-12730 https://nvd.nist.gov/vuln/detail/CVE-2019-12730
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12730
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12730
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.80634
EPSS Score 0.01704
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.