CVE-2017-9608
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9608
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9608.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-9608
- Downstream
- Related
- Published
- 2017-12-27T19:29:00Z
- Modified
- 2025-10-25T04:02:22.501382Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
- References
-
- http://www.openwall.com/lists/oss-security/2017/08/15/8
- http://www.securityfocus.com/bid/100348
- https://www.debian.org/security/2017/dsa-3957
- http://www.openwall.com/lists/oss-security/2017/08/14/1
- https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
- https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e
- https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
Affected packages
Git / git.ffmpeg.org/ffmpeg.git
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ffmpeg/ffmpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2
n3.2-dev
n3.2.1
n3.2.2
n3.2.3
n3.2.4
n3.2.5
n3.3
n3.3-dev
n3.3.1
n3.3.2
n3.4-dev
Database specific
vanir_signatures
[
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e",
"id": "CVE-2017-9608-2a919bd9",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57461358337514712756395136655201152808",
"80245587019904202682570818294677321241",
"247987104724374446862500083383862797627",
"136516107736779889432496692360651853885",
"255459594875552099711272227410435093620",
"206698390374465263881690078608755966825",
"110928872312797958069881088590198265328",
"81356332768943735539026862844028969216",
"114758231203302998653824498950488246886",
"328106599903300457399776673683261929738",
"206000672969287918923774033882627951319",
"307142452002623859979927565029061953571"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Line"
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e",
"id": "CVE-2017-9608-39d461a0",
"digest": {
"function_hash": "89707297390371257070099533510679552519",
"length": 1782.0
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "dnxhd_find_frame_end",
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89",
"id": "CVE-2017-9608-84fa9a4b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57461358337514712756395136655201152808",
"80245587019904202682570818294677321241",
"247987104724374446862500083383862797627",
"136516107736779889432496692360651853885",
"255459594875552099711272227410435093620",
"206698390374465263881690078608755966825",
"110928872312797958069881088590198265328",
"81356332768943735539026862844028969216",
"114758231203302998653824498950488246886",
"156998456537400884220674302983198554191",
"325436162585347255892603977106384527528",
"280945907134446947319404938646302632133"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Line"
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd",
"id": "CVE-2017-9608-9ed20a68",
"digest": {
"function_hash": "2601796132145701510809948212467564680",
"length": 1532.0
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "dnxhd_find_frame_end",
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd",
"id": "CVE-2017-9608-cdb5746b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57461358337514712756395136655201152808",
"80245587019904202682570818294677321241",
"247987104724374446862500083383862797627",
"136516107736779889432496692360651853885",
"255459594875552099711272227410435093620",
"275354664576526898216108658457417285073",
"246617255682840904383175229502656738661",
"3413330245974307559533751462905375835",
"122422883785111637006293168254662554174",
"156998456537400884220674302983198554191",
"325436162585347255892603977106384527528",
"280945907134446947319404938646302632133"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Line"
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89",
"id": "CVE-2017-9608-d289a3db",
"digest": {
"function_hash": "2601796132145701510809948212467564680",
"length": 1532.0
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "dnxhd_find_frame_end",
"file": "libavcodec/dnxhd_parser.c"
},
"signature_type": "Function"
}
]