CVE-2017-9608

MEDIUM

FFmpeg <3.2.6, <3.3.3 - DoS

Title source: llm

Description

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

Exploits (1)

nomisec WRITEUP
by LaCinquette · poc
https://github.com/LaCinquette/practice-22-23

References (7)

Scores

CVSS v3 6.5
EPSS 0.0894
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
ffmpeg/ffmpeg < 3.2.6
Published Dec 27, 2017
Tracked Since Feb 18, 2026