CVE-2017-9994

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.8.12 FFmpeg versions 3.0.x prior to 3.0.8 FFmpeg versions 3.1.x prior to 3.1.8 FFmpeg versions 3.2.x prior to 3.2.5 FFmpeg versions 3.3.x prior to 3.3.1

Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted file. This is related to the vp8 decode mb row no filter and pred8x8 128 dc 8 c functions.

Recommendations For FFmpeg versions prior to 2.8.12, update to version 2.8.12 or later. For FFmpeg versions 3.0.x prior to 3.0.8, update to version 3.0.8 or later. For FFmpeg versions 3.1.x prior to 3.1.8, update to version 3.1.8 or later. For FFmpeg versions 3.2.x prior to 3.2.5, update to version 3.2.5 or later. For FFmpeg versions 3.3.x prior to 3.3.1, update to version 3.3.1 or later.