CVE-2017-9992

Published Jun 28, 2017

Last updated 6 years ago

CVSS high 8.8

Overview

Description: Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "941B47E5-FDBB-437A-8A4D-A9788019E5EC",
            "versionEndExcluding": "2.8.12"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23E6910A-C467-44FD-B9CA-3D6049AFB1BF",
            "versionEndExcluding": "3.0.8",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58FFC631-648C-44BE-9EE5-CF3210E632C0",
            "versionEndExcluding": "3.1.8",
            "versionStartIncluding": "3.1"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "248F96A2-0FAF-4737-8011-3ACAC8115829",
            "versionEndExcluding": "3.2.5",
            "versionStartIncluding": "3.2"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0E75E33-237A-43F9-9193-002687E3470D",
            "versionEndExcluding": "3.3.1",
            "versionStartIncluding": "3.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References