{"id":"CVE-2018-14395","details":"libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.","modified":"2026-04-11T12:27:26.971165Z","published":"2018-07-19T05:29:00.273Z","related":["SUSE-SU-2019:1299-1","SUSE-SU-2019:1299-2"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041394"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4258"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"340cea9f22c162e10d120835661e132721b7454b"},{"introduced":"0"},{"last_affected":"ace829cb45cff530b8a0aed6adf18f329d7a98f6"},{"fixed":"2c0e98a0b478284bdff6d7a4062522605a8beae5"},{"fixed":"fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2"},{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2","n3.2-dev","n3.2.1","n3.2.10","n3.2.11","n3.2.2","n3.2.3","n3.2.4","n3.2.5","n3.2.6","n3.2.7","n3.2.8","n3.2.9","n3.3-dev","n3.4-dev","n3.5-dev","n4.0","n4.1-dev"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/ffmpeg/ffmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582","digest":{"function_hash":"102827977244515592418039999533830258363","length":4429},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-14395-81cf19f1","deprecated":false,"target":{"file":"libavformat/movenc.c","function":"mov_write_audio_tag"}},{"source":"https://github.com/ffmpeg/ffmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5","digest":{"function_hash":"44736351853163418595392144319364648043","length":3886},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-14395-c30bc0a5","deprecated":false,"target":{"file":"libavformat/movenc.c","function":"mov_write_audio_tag"}},{"source":"https://github.com/ffmpeg/ffmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582","digest":{"line_hashes":["88413214916599869005262271461099492956","99490026392498700389421665331387618439","22818687448778883533567042380121543425","148013509794614994762799630272833705423"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","id":"CVE-2018-14395-efe74b9b","deprecated":false,"target":{"file":"libavformat/movenc.c"}},{"source":"https://github.com/ffmpeg/ffmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5","digest":{"line_hashes":["88413214916599869005262271461099492956","99490026392498700389421665331387618439","22818687448778883533567042380121543425","148013509794614994762799630272833705423"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","id":"CVE-2018-14395-f544f8fd","deprecated":false,"target":{"file":"libavformat/movenc.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14395.json","vanir_signatures_modified":"2026-04-11T12:27:26Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}