Published: 13/11/2017 Updated: 27/11/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Libav up to and including 11.11 and 12.x up to and including 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote malicious users to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libav libav 12.0
libav libav
libav libav 12.1

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library A full list of the changes is available at gitlibavorg/?p=libavgit;a=blob;f=Changelog;hb=refs/tags/v1112 For the oldstable distribution (jessie), this problem has been fixed in version 6:1112-1~deb8u1 We recommend that you u ...

CWE-119 https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f https://bugzilla.libav.org/show_bug.cgi?id=1098 http://www.securityfocus.com/bid/101882 https://www.debian.org/security/2018/dsa-4119 https://security.gentoo.org/glsa/201811-19 https://www.debian.org/security/./dsa-4119 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-16803

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect