Published: 12/12/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample up to and including 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aubio aubio 0.4.6
ffmpeg ffmpeg 3.4.1
ffmpeg libswresample

Debian Bug report logs - #904906 aubio: CVE-2018-14523: global-buffer-overflow Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Jul 2018 11:21:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found ...

Debian Bug report logs - #884237 aubio: CVE-2017-17554 Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Dec 2017 20:33:05 UTC Severity: important Tags: security, upstream Found in version aubio/045-1 Fixed in versio ...

Debian Bug report logs - #883355 aubio: CVE-2017-17054: divide by zero in function new_aubio_source_wavread() Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 Dec 2017 21:36:01 UTC Severity: important Tags: fixed-upstr ...

Debian Bug report logs - #884232 ffmpeg: CVE-2017-17555 Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Dec 2017 20:18:04 UTC Severity: normal Tags: security, upstream Found in version aubio/045-1 Fixed in version ...

Debian Bug report logs - #904908 aubio: CVE-2018-14521: SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodecc Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Jul 2018 11:27:01 UTC Severity: im ...

Debian Bug report logs - #904907 aubio: CVE-2018-14522: SEGV signal can occur in aubio_pitch_set_unit in pitch/pitchc Package: src:aubio; Maintainer for src:aubio is Paul Brossier <piem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Jul 2018 11:24:01 UTC Severity: important Tags: fi ...

CWE-476 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference%28DoS%29%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904906

CVE-2017-17555

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect