PT-2017-14697 · FFmpeg · Ffmpeg
Insu Yun · Published 2017-11-30 · Updated 2024-06-15 · CVE-2017-17081
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
FFmpeg versions 2.3 through 3.4
Description
The issue is related to the gmc_mmx function in libavcodec/x86/mpegvideodsp.c, which does not properly validate widths and heights. This allows remote attackers to cause a denial of service via a crafted MPEG file, resulting in an integer signedness error and out-of-array read.
Recommendations
For FFmpeg versions 2.3 through 3.4, consider updating to a version where this issue is fixed, because these versions do not properly validate widths and heights in the gmc_mmx function.
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Ffmpeg