Vulnerability Details : CVE-2017-11665
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-11665
- cpe:2.3:a:ffmpeg:ffmpeg:3.3.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11665
0.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-11665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-11665
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11665
-
https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2 · FFmpeg/FFmpeg@ffcc822 · GitHub
-
http://www.securityfocus.com/bid/100017
FFmpeg 'libavformat/rtmppkt.c' Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2017/dsa-3957
Debian -- Security Information -- DSA-3957-1 ffmpeg
Jump to