9.8

CVE-2017-16840

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version3.0
FfmpegFfmpeg Version3.4
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.33% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.debian.org/security/2017/dsa-4049
Vendor Advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
http://www.securityfocus.com/bid/101924
Third Party Advisory
VDB Entry
https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1
Patch
Third Party Advisory