Summaryinfo

A vulnerability, which was classified as problematic, was found in Video_Converter App 0.1.0 on Nextcloud. This affects an unknown part of the component FFmpeg. The manipulation leads to release of resource. This vulnerability is uniquely identified as CVE-2019-18214. It is possible to initiate the attack remotely. There is no exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Video_Converter App 0.1.0 on Nextcloud. Affected by this issue is an unknown code of the component FFmpeg. The manipulation with an unknown input leads to a release of resource vulnerability. Using CWE to declare the problem leads to CWE-772. The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. Impacted is availability. CVE summarizes:

The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)

The weakness was released 10/19/2019. This vulnerability is handled as CVE-2019-18214 since 10/19/2019. The exploitation is known to be easy. The attack may be launched remotely. A simple authentication is needed for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1499 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• Video_Converter App

Version

• 0.1.0

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion