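CVE-2017-17081: The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. The four signature records below all target that file: one line-level and one function-level (gmc_mmx) record for each of the two upstream commits named in `source`. The digests are identical across the two commits, so the paired records differ only in `id` and `source`.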
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"99497488655434298647149463799167973397",
"139953449297124945114340788739349000224",
"48342063533814020514514237702143492153",
"62296206643640862599570083544025886110",
"66039701322916065952347494566869563446"
]
},
"id": "CVE-2017-17081-1c8014d9",
"target": {
"file": "libavcodec/x86/mpegvideodsp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "121043539817440664565750123988210661973",
"length": 4178.0
},
"id": "CVE-2017-17081-207cbed6",
"target": {
"function": "gmc_mmx",
"file": "libavcodec/x86/mpegvideodsp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"99497488655434298647149463799167973397",
"139953449297124945114340788739349000224",
"48342063533814020514514237702143492153",
"62296206643640862599570083544025886110",
"66039701322916065952347494566869563446"
]
},
"id": "CVE-2017-17081-432d4ca8",
"target": {
"file": "libavcodec/x86/mpegvideodsp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "121043539817440664565750123988210661973",
"length": 4178.0
},
"id": "CVE-2017-17081-54e217cb",
"target": {
"function": "gmc_mmx",
"file": "libavcodec/x86/mpegvideodsp.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8",
"signature_type": "Function"
}
]