CVE-2017-11719
HIGHFFmpeg 3.0-3.3.2 - Out-of-bounds Read in DNxHD Decoder
Title source: llmDescription
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100020
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3957
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
Patch x_refsource_misc
https://github.com/FFmpeg/FFmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e
Scores
CVSS v3
7.8
EPSS
0.0174
EPSS Percentile
74.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (1)
ffmpeg/ffmpeg
< 3.3.2
Published
Jul 28, 2017
Tracked Since
Feb 18, 2026