CVE-2017-1000460
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000460
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000460.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-1000460
- Related
- Published
- 2018-01-03T20:29:00Z
- Modified
- 2024-09-18T02:42:19.425422Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In line libavcodec/h264dec.c:500 in libav(v13dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of initgetbits is ignored and getuegolomb(&gb) is called on an uninitialized getbits context, which causes a NULL deref exception.
- References
-
- https://bugzilla.libav.org/show_bug.cgi?id=952
- https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c
- https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html
- https://security-tracker.debian.org/tracker/CVE-2017-1000460
Affected packages
Debian:11 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/debian/ffmpeg?arch=source
Debian:12 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/debian/ffmpeg?arch=source
Debian:13 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/debian/ffmpeg?arch=source
Git / github.com/ffmpeg/ffmpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ffmpeg/ffmpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/libav/libav
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
N
v10_alpha1
v10_alpha2
v10_beta1
v11_alpha1
v11_alpha2
v11_beta1
v11_dev0
v12_dev0
v13_dev0
v9
v9_beta1
v9_beta2
v9_beta3
dev14.*
dev14.2
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
v0.*
v0.7
v0.7b1
v0.7b2
v0.7rc1
v0.8
v0.8b1
v0.8b2