The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
References
Link | Resource |
---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 | |
http://www.securityfocus.com/bid/101924 | Third Party Advisory VDB Entry |
https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1 | Patch Third Party Advisory |
https://www.debian.org/security/2017/dsa-4049 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-21T08:00:00
Updated: 2021-01-05T18:53:15
Reserved: 2017-11-15T00:00:00
Link: CVE-2017-16840
JSON object: View
NVD Information
Status : Modified
Published: 2017-11-21T08:29:00.210
Modified: 2023-11-07T02:40:55.870
Link: CVE-2017-16840
JSON object: View
Redhat Information
No data.
CWE