Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-9994

Опубликовано: 28 июн. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.8

Описание

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

РелизСтатусПримечание
artful

not-affected

7:3.2.6-1
bionic

not-affected

7:3.2.6-1
cosmic

not-affected

7:3.2.6-1
devel

not-affected

7:3.2.6-1
disco

not-affected

7:3.2.6-1
esm-apps/bionic

not-affected

7:3.2.6-1
esm-apps/focal

not-affected

7:3.2.6-1
esm-apps/jammy

not-affected

7:3.2.6-1
esm-apps/noble

not-affected

7:3.2.6-1
esm-apps/xenial

released

7:2.8.14-0ubuntu0.16.04.1

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00422
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-9994

CVSS3: 7.8
nvd
больше 8 лет назад

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

debian логотип

CVE-2017-9994

CVSS3: 7.8
debian
больше 8 лет назад

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x b ...

github логотип

GHSA-x7vx-g4mq-7q2h

CVSS3: 7.8
github
больше 3 лет назад

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

EPSS

Процентиль: 62%
0.00422
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3