{"id":"CVE-2018-13303","details":"In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.","modified":"2026-04-11T06:58:46.902506Z","published":"2018-07-05T17:29:00.500Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104675"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"e049f7c24fc6aa5fc925f860e2ad940a75cfd84f"},{"fixed":"00e8181bd97c834fe60751b0c511d4bb97875f78"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.1"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.0","n4.0.1","n4.1-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13303.json","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78","signature_type":"Function","id":"CVE-2018-13303-44c73212","digest":{"length":375,"function_hash":"142391142906413682480041211024204642092"},"deprecated":false,"target":{"file":"libavcodec/ac3_parser.c","function":"avpriv_ac3_parse_header"}},{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78","signature_type":"Line","id":"CVE-2018-13303-a1c2a195","digest":{"line_hashes":["212924937453151307161016188838557761501","43197743373531770406142050929992758697","336388221455771699703553060708214641660","184902950246473843971472263661582995389"],"threshold":0.9},"deprecated":false,"target":{"file":"libavcodec/ac3_parser.c"}}],"vanir_signatures_modified":"2026-04-11T06:58:46Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}