CVE-2017-9996

Name of the Vulnerable Software and Affected Versions FFmpeg versions 2.8.x through 2.8.11 FFmpeg versions 3.0.x through 3.0.7 FFmpeg versions 3.1.x through 3.1.7 FFmpeg versions 3.2.x through 3.2.4 FFmpeg versions 3.3.x through 3.3.0

Description The issue is related to the cdxl decode frame function in libavcodec/cdxl.c, which does not exclude the CHUNKY format. This allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted file.

Recommendations For FFmpeg versions 2.8.x through 2.8.11, update to version 2.8.12 or later. For FFmpeg versions 3.0.x through 3.0.7, update to version 3.0.8 or later. For FFmpeg versions 3.1.x through 3.1.7, update to version 3.1.8 or later. For FFmpeg versions 3.2.x through 3.2.4, update to version 3.2.5 or later. For FFmpeg versions 3.3.x through 3.3.0, update to version 3.3.1 or later.