CVE-2017-17081
Debian Security Advisory 4099-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
La función gmc_mmx en libavcodec/x86/mpegvideodsp.c en FFmpeg versión 2.3 y 3.4 no valida correctamente los anchos y altos. Esto permite que atacantes remotos provoquen una denegación de servicio (error en la propiedad signedness de un número entero y lectura fuera de array) mediante un archivo MPEG manipulado
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-30 CVE Reserved
- 2017-11-30 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1 | Issue Tracking | |
| https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 | 2021-01-05 | |
| https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html | 2021-01-05 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4099 | 2021-01-05 |