PT-2017-14697 · FFmpeg · Ffmpeg

Insu Yun · Published 2017-11-30 · Updated 2024-06-15 · CVE-2017-17081

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FFmpeg versions 2.3 through 3.4

Description

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c does not properly validate widths and heights. A remote attacker can use a crafted MPEG file to trigger an integer signedness error and an out-of-array read, resulting in a denial of service.

Recommendations

For FFmpeg versions 2.3 through 3.4, consider updating to a version in which the validation of widths and heights in the gmc_mmx function is fixed.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2017-17081
DSA-4099-1
MGASA-2018-0008
MGASA-2018-0116
OPENSUSE-SU-2018:0470-1
OPENSUSE-SU-2018:0476-1
OPENSUSE-SU-2024:10754-1

Affected Products

Ffmpeg