CVE-2017-16840

Published: 21/11/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote malicious users to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

Vulnerable Product

ffmpeg ffmpeg 3.0

ffmpeg ffmpeg 3.4

debian debian linux 9.0

Vendor Advisories

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the stable distribution (stretch), these problems have been fixed in version 7:3.2.9-1~deb9u1. We recommend that you upgrade your ffmpeg ...
The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c ...

Github Repositories

POC CVE-2017-16231 CVE-2017-16232 CVE-2017-16840 CVE-2019-9116