0.002 Low
EPSS
Percentile
59.8%
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
bugzilla.redhat.com/show_bug.cgi?id=1708107
nvd.nist.gov/vuln/detail/CVE-2019-9721
www.cve.org/CVERecord?id=CVE-2019-9721