PT-2017-4347 · FFmpeg+2 · Ffmpeg+2

Bingchang Liu · Published 2017-07-17 · Updated 2024-06-15 · CVE-2017-11399

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FFmpeg versions 2.4 through 3.3.2

Description: The issue is an integer overflow in the ape_decode_frame function in libavcodec/apedec.c of the FFmpeg library. A remote attacker can exploit it with a specially crafted APE file, potentially leading to a denial of service (out-of-array access and application crash) or other unspecified impacts. Exploitation may allow the attacker to access confidential data, compromise data integrity, or cause a service disruption.

Recommendations: For FFmpeg versions 2.4 through 3.3.2, consider updating to a version where this issue is fixed, as a crafted APE file can lead to a denial of service or other unspecified impacts. As a temporary workaround, consider restricting the use of the ape_decode_frame function in libavcodec/apedec.c until a patch is available. Avoid processing specially crafted APE files with the affected FFmpeg versions to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related identifiers

ALT-PU-2017-1960
BDU:2024-09065
CVE-2017-11399
DSA-3957-1
MGASA-2018-0008
OPENSUSE-SU-2017_2502-1
OPENSUSE-SU-2024:10754-1

Affected products

Alt Linux
Ffmpeg
Suse