CVE-2017-14225

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14225
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14225.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14225
Downstream
Related
Published
2017-09-09T08:29:00Z
Modified
2025-10-22T08:11:21.283848Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

N

n0.*

n0.11-dev
n0.12-dev
n0.8

n1.*

n1.1-dev
n1.2-dev
n1.3-dev

n2.*

n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev

n3.*

n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/ffmpeg/ffmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2",
        "id": "CVE-2017-14225-32b61689",
        "digest": {
            "function_hash": "77237116678450317504861665754180746434",
            "length": 5905.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "show_frame",
            "file": "ffprobe.c"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/ffmpeg/ffmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2",
        "id": "CVE-2017-14225-e7272f5d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "ffprobe.c"
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/ffmpeg/ffmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2",
        "id": "CVE-2017-14225-fe236c92",
        "digest": {
            "function_hash": "103073554096209478277459715807172093870",
            "length": 6846.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "show_stream",
            "file": "ffprobe.c"
        },
        "signature_type": "Function"
    }
]