{"id":"CVE-2018-12460","details":"libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.","modified":"2026-04-11T06:58:44.373586Z","published":"2018-06-15T15:29:00.327Z","references":[{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"ace829cb45cff530b8a0aed6adf18f329d7a98f6"},{"fixed":"b3332a182f8ba33a34542e4a0370f38b914ccf7d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.0","n4.1-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12460.json","vanir_signatures":[{"id":"CVE-2018-12460-33b6afd3","signature_type":"Line","target":{"file":"libavcodec/mpegvideo.c"},"digest":{"threshold":0.9,"line_hashes":["203287591705143062107314822259186818250","282324406643675235954044795659311484560","333694940045075628046426726534229330266","163351085974951288276078275623224076606"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"},{"id":"CVE-2018-12460-35b548de","signature_type":"Function","target":{"file":"libavcodec/idctdsp.c","function":"ff_idctdsp_init"},"digest":{"length":2672,"function_hash":"28671708147843153440469134798873711068"},"deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"},{"id":"CVE-2018-12460-9110840e","signature_type":"Line","target":{"file":"libavcodec/idctdsp.c"},"digest":{"threshold":0.9,"line_hashes":["126536519982937281418884318443799011247","250889362032603908287582132871077149337","290159734777921403366208928525488705450","260773072982675090556546599099380073658"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"},{"id":"CVE-2018-12460-b8d9faf7","signature_type":"Function","target":{"file":"libavcodec/mpegvideo.c","function":"ff_mpv_idct_init"},"digest":{"length":750,"function_hash":"39856762836001306115006842251816044728"},"deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"},{"id":"CVE-2018-12460-f62ef0ba","signature_type":"Line","target":{"file":"libavcodec/idctdsp.h"},"digest":{"threshold":0.9,"line_hashes":["130799097354866713191710292741187585976","256346152185321240798215610385516487639","73658507746507163792722605294300294903","73753474191504460849366634306293844425"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d"}],"vanir_signatures_modified":"2026-04-11T06:58:44Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}