CVE-2019-18214
Severity Score
7.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
La aplicación Video_Converter versión 0.1.0 para Nextcloud, permite la denegación de servicio (consumo de CPU y memoria) por medio de múltiples conversiones simultáneas porque muchos procesos FFmpeg pueden ser ejecutados al mismo tiempo. (La carga de trabajo no está en cola para la ejecución en serie).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-19 CVE Reserved
- 2019-10-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Video Converter Project Search vendor "Video Converter Project" | Video Converter Search vendor "Video Converter Project" for product "Video Converter" | 0.1.0 Search vendor "Video Converter Project" for product "Video Converter" and version "0.1.0" | nextcloud |
Affected
| ||||||