CVE-2017-11719

HIGH

FFmpeg <3.3.2 - DoS

Title source: llm

Description

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100020

[Issue Tracking, Patch, Third Party Advisory] https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92

[Patch] https://github.com/FFmpeg/FFmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e

View Patch ZIP pw:eip

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3957

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 47.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-125

Status draft

Affected Products (1)

ffmpeg/ffmpeg < 3.3.2

Timeline

Published Jul 28, 2017

Tracked Since Feb 18, 2026