The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
[ { "signature_type": "Line", "id": "CVE-2017-17081-1c8014d9", "source": "https://github.com/ffmpeg/ffmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903", "signature_version": "v1", "target": { "file": "libavcodec/x86/mpegvideodsp.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "99497488655434298647149463799167973397", "139953449297124945114340788739349000224", "48342063533814020514514237702143492153", "62296206643640862599570083544025886110", "66039701322916065952347494566869563446" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2017-17081-207cbed6", "source": "https://github.com/ffmpeg/ffmpeg/commit/27f8d386829689c346ff0cef00d3af57b9fb8903", "signature_version": "v1", "target": { "function": "gmc_mmx", "file": "libavcodec/x86/mpegvideodsp.c" }, "digest": { "function_hash": "121043539817440664565750123988210661973", "length": 4178.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2017-17081-432d4ca8", "source": "https://github.com/ffmpeg/ffmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8", "signature_version": "v1", "target": { "file": "libavcodec/x86/mpegvideodsp.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "99497488655434298647149463799167973397", "139953449297124945114340788739349000224", "48342063533814020514514237702143492153", "62296206643640862599570083544025886110", "66039701322916065952347494566869563446" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2017-17081-54e217cb", "source": "https://github.com/ffmpeg/ffmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8", "signature_version": "v1", "target": { "function": "gmc_mmx", "file": "libavcodec/x86/mpegvideodsp.c" }, "digest": { "function_hash": "121043539817440664565750123988210661973", "length": 4178.0 }, "deprecated": false } ]