Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "libavcodec/apedec.c", "function": "ape_decode_frame" }, "id": "CVE-2017-11399-01efdeaa", "digest": { "length": 3671.0, "function_hash": "87176752411722899504371359328285937876" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "libavcodec/apedec.c", "function": "ape_decode_frame" }, "id": "CVE-2017-11399-213aa6bf", "digest": { "length": 3671.0, "function_hash": "87176752411722899504371359328285937876" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "libavcodec/apedec.c" }, "id": "CVE-2017-11399-80e17083", "digest": { "line_hashes": [ "177999553618233406099160346547166088791", "281223753256772375036123618331410352373", "199164221402197121088267992248830992347", "169419787339443002891149286306600929292", "56850444523076892724772510557272670354", "221530794161267527451934110621744540079", "91020754815393809385049182583261956577", "261895714190720812252645883656072875919", "148134308668535936659433678929467899088", "122865138154188195948536146745425143364", "312551744281684646392193375890382757657", "81074086178002383079696892734312808795", "86894163162987399058845434280681964582" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "libavcodec/apedec.c" }, "id": "CVE-2017-11399-8b4379eb", "digest": { "line_hashes": [ "177999553618233406099160346547166088791", "281223753256772375036123618331410352373", "199164221402197121088267992248830992347", "169419787339443002891149286306600929292", 
"56850444523076892724772510557272670354", "221530794161267527451934110621744540079", "91020754815393809385049182583261956577", "261895714190720812252645883656072875919", "148134308668535936659433678929467899088", "122865138154188195948536146745425143364", "312551744281684646392193375890382757657", "81074086178002383079696892734312808795", "86894163162987399058845434280681964582" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0" } ] }