Vulnerability Name: CVE-2017-17081

Assigned: 2017-11-30
Published: 2017-11-30
Updated: 2017-11-30
Summary: The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
CVSS v3 Severity: 3.3 Low (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity:
References:

Source: MISC
Type: UNKNOWN
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1

Source: XF
Type: UNKNOWN
ffmpeg-cve201717081-dos(135755)

Source: MISC
Type: UNKNOWN
https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8

Source: MISC
Type: UNKNOWN
https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.xenial:def:201717081000 | V | CVE-2017-17081 on Ubuntu 16.04 LTS (xenial) - low. | 2017-11-30
oval:com.ubuntu.trusty:def:201717081000 | V | CVE-2017-17081 on Ubuntu 14.04 LTS (trusty) - low. | 2017-11-30