Integer overflow in the apedecodeframe function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
[
{
"id": "CVE-2017-11399-01efdeaa",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 3671.0,
"function_hash": "87176752411722899504371359328285937876"
},
"target": {
"function": "ape_decode_frame",
"file": "libavcodec/apedec.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0",
"deprecated": false
},
{
"id": "CVE-2017-11399-213aa6bf",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 3671.0,
"function_hash": "87176752411722899504371359328285937876"
},
"target": {
"function": "ape_decode_frame",
"file": "libavcodec/apedec.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7",
"deprecated": false
},
{
"id": "CVE-2017-11399-80e17083",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"177999553618233406099160346547166088791",
"281223753256772375036123618331410352373",
"199164221402197121088267992248830992347",
"169419787339443002891149286306600929292",
"56850444523076892724772510557272670354",
"221530794161267527451934110621744540079",
"91020754815393809385049182583261956577",
"261895714190720812252645883656072875919",
"148134308668535936659433678929467899088",
"122865138154188195948536146745425143364",
"312551744281684646392193375890382757657",
"81074086178002383079696892734312808795",
"86894163162987399058845434280681964582"
],
"threshold": 0.9
},
"target": {
"file": "libavcodec/apedec.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7",
"deprecated": false
},
{
"id": "CVE-2017-11399-8b4379eb",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"177999553618233406099160346547166088791",
"281223753256772375036123618331410352373",
"199164221402197121088267992248830992347",
"169419787339443002891149286306600929292",
"56850444523076892724772510557272670354",
"221530794161267527451934110621744540079",
"91020754815393809385049182583261956577",
"261895714190720812252645883656072875919",
"148134308668535936659433678929467899088",
"122865138154188195948536146745425143364",
"312551744281684646392193375890382757657",
"81074086178002383079696892734312808795",
"86894163162987399058845434280681964582"
],
"threshold": 0.9
},
"target": {
"file": "libavcodec/apedec.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0",
"deprecated": false
}
]