CVE-2017-9996

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-9996
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9996.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-9996
Downstream
Related
Published
2017-06-28T06:29:00.613Z
Modified
2026-02-08T22:07:11.202242Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The cdxldecodeframe function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
148c4fb8d203fdef8589ccef56a995724938918b
Last affected
16c0d8aa46b6a206d14f1d1010b7487809d54e5f
Last affected
2a5c41e3e4a7e763503af59de903d5649dcc071a
Last affected
340cea9f22c162e10d120835661e132721b7454b
Last affected
3512ed3622e1200f03e0d508b5c1bcbf9f5d2c88
Last affected
384d90f26800521440a1d64d7c6967e9b552a690
Last affected
40934e0e9b632fa6c6ec22ac03b530625a027c79
Last affected
4275b27a230008c41c63397871f173952723e2b2
Last affected
523da8eac176c241881a9177237f8bf60e8d7b75
Last affected
5771a0c8237d6fb0fb65877126ec0f7842fd2a1e
Last affected
58142a27ea96bf9246586a91a82db85e37646933
Last affected
644179e0d4155ae8f5ddd5c3f6bd003e2e13cf94
Last affected
644296e736ee219cd02f7b7d7b7b4c7c5a464217
Last affected
68ed682710f1cb1f4fdd1fd0447f402d6feabd01
Last affected
af21d609a0ddeeddad4fdefecb19fd4e13744f80
Last affected
b408dba231091cd7f465ddf8bd8babf5b7efe63a
Last affected
b8fa3ff95d884060f39c5d50e811404fe94b9301
Last affected
c269c43a83166003ab6649263bc60634a6b7866f
Last affected
c2ea70628215ccede53240843b4514a6c339ab27
Last affected
c40983a6f631d22fede713d535bb9c31d5c9740c
Last affected
c46d22a4a58467bdc7885685b06a2114dd181c43
Last affected
c63e58756699d07b5bc69799db388600d3e634bf
Last affected
c66f4d1ae64dffaf456d05cbdade02054446f499
Last affected
c9b3451da3cf632424c07c35759c9ffbd537fa9e
Last affected
ce36e74e75751c721185fbebaa4ee8714b44c5a5
Last affected
d4b731e271ba944ade8f6a128271479529507de9
Last affected
d828aabf0343452a76547239832e27045be92549
Last affected
da4ea971617351600f49437bc9d489e650b4de38
Last affected
e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f
Last affected
e8b94e5ce48f0dd68287e8b1c2ef4125fabff1d7
Last affected
efa89a841941bf61d1a3eb5c2900f98e3e7db85b
Last affected
fb93771072cfcbdd523d9f4bcd7682ee8b7f5578
Last affected
fbc96c50d72f55131e43939e38c1e5af4315a755
Last affected
fda00aa7749326f02a6ca0a7d9bd9bcda1054071

Affected versions

Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8
n2.8-dev
n2.8.1
n2.8.10
n2.8.2
n2.8.3
n2.8.4
n2.8.5
n2.8.6
n2.8.7
n2.8.8
n2.8.9
n2.9-dev
n3.*
n3.0
n3.0.1
n3.0.2
n3.0.3
n3.1
n3.1-dev
n3.1.1
n3.1.2
n3.1.3
n3.1.4
n3.1.5
n3.2
n3.2-dev
n3.2.1
n3.2.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9996.json"