7.8

CVE-2017-9996

The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version2.8
FfmpegFfmpeg Version2.8.1
FfmpegFfmpeg Version2.8.2
FfmpegFfmpeg Version2.8.3
FfmpegFfmpeg Version2.8.4
FfmpegFfmpeg Version2.8.5
FfmpegFfmpeg Version2.8.6
FfmpegFfmpeg Version2.8.7
FfmpegFfmpeg Version2.8.8
FfmpegFfmpeg Version2.8.9
FfmpegFfmpeg Version2.8.10
FfmpegFfmpeg Version2.8.11
FfmpegFfmpeg Version3.0
FfmpegFfmpeg Version3.0.1
FfmpegFfmpeg Version3.0.2
FfmpegFfmpeg Version3.0.3
FfmpegFfmpeg Version3.0.4
FfmpegFfmpeg Version3.0.5
FfmpegFfmpeg Version3.0.6
FfmpegFfmpeg Version3.0.7
FfmpegFfmpeg Version3.1
FfmpegFfmpeg Version3.1.1
FfmpegFfmpeg Version3.1.2
FfmpegFfmpeg Version3.1.3
FfmpegFfmpeg Version3.1.4
FfmpegFfmpeg Version3.1.5
FfmpegFfmpeg Version3.1.6
FfmpegFfmpeg Version3.1.7
FfmpegFfmpeg Version3.2
FfmpegFfmpeg Version3.2.1
FfmpegFfmpeg Version3.2.2
FfmpegFfmpeg Version3.2.3
FfmpegFfmpeg Version3.2.4
FfmpegFfmpeg Version3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/99323
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1378
Third Party Advisory
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1427
Third Party Advisory
Issue Tracking
https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
Patch
Third Party Advisory
Issue Tracking
https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
Patch
Third Party Advisory
Issue Tracking