CVE-2017-16840

Published: Nov 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

Affected (3)

Products: Ffmpeg: Ffmpeg · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Version 3.0
Ffmpeg Ffmpeg	Version 3.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74

Source: cve@mitre.org

http://www.securityfocus.com/bid/101924

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1

Source: cve@mitre.org

PatchThird Party Advisory

https://www.debian.org/security/2017/dsa-4049

Source: cve@mitre.org

Vendor Advisory

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/101924

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.debian.org/security/2017/dsa-4049

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.