CVE-2017-7206

Name of the Vulnerable Software and Affected Versions libav versions 9.21

Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. This is due to a heap-based buffer over-read in the ff h2645 extract rbsp function in libavcodec.

Recommendations For libav version 9.21, consider updating to a newer version that contains a fix for this issue, as using a crafted h264 video file could lead to a denial of service or sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.