Vulnerability Details : CVE-2017-9995
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-9995
- cpe:2.3:a:ffmpeg:ffmpeg:3.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9995
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9995
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-9995
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9995
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1478
1478 - ffmpeg: Heap-buffer-overflow in decompress_i - oss-fuzz - MonorailIssue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/99320
FFmpeg CVE-2017-9995 Multiple Heap Buffer Overflow VulnerabilitiesThird Party Advisory;VDB Entry
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1519
1519 - ffmpeg: Index-out-of-bounds in decode_unit - oss-fuzz - MonorailIssue Tracking;Third Party Advisory
-
https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for… · FFmpeg/FFmpeg@2171dfa · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
avcodec/scpr: Check y in first line loop in decompress_i() · FFmpeg/FFmpeg@7ac5067 · GitHubIssue Tracking;Patch;Third Party Advisory
Jump to