CVE-2017-16840

Опубликовано: 21 нояб. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

Ссылки

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
http://www.securityfocus.com/bid/101924
Third Party Advisory
VDB Entry
https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-4049
Vendor Advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
http://www.securityfocus.com/bid/101924
Third Party Advisory
VDB Entry
https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-4049
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01585

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-16840

CVSS3: 9.8

ubuntu

около 8 лет назад

CVE-2017-16840

CVSS3: 9.8

debian

около 8 лет назад

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...

GHSA-m395-w54c-5rmj

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 81%

0.01585

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125