CVE-2017-17081

Published: Nov 30, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-8247 Aliases: GSD-2017-17081

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

MEDIUM 4,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: none

Integrity: none

Availability: partial

Description

AI Translation Available

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0053

Percentile

0,7th

Updated

EPSS Score Trend (Last 90 Days)

125

Out-of-bounds Read

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Availability Other

Potential Impacts:

Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context

Applicable Platforms

Languages: C, C++, Memory-Unsafe

Technologies: ICS/OT

View CWE Details

Application

Ffmpeg by Ffmpeg

Product Information

Vendor Ffmpeg

Product Ffmpeg

Version 3.4

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#…

Issue Tracking

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1

https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346f…

https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903

https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f3…

Patch Vendor Advisory

https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8

https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-Novemb…

Issue Tracking Patch

https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html

https://www.debian.org/security/2018/dsa-4099

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#…

Issue Tracking

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1

https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346f…

https://github.com/FFmpeg/FFmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903

https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f3…

Patch Vendor Advisory

https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8

https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-Novemb…

Issue Tracking Patch

https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html

https://www.debian.org/security/2018/dsa-4099

CVE-2017-17081

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Out-of-bounds Read

Common Consequences

Applicable Platforms

Ffmpeg by Ffmpeg

Product Information

Iscriviti alla newsletter