CVE-2017-16840

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

Last affected

c40983a6f631d22fede713d535bb9c31d5c9740c

Introduced

Last affected

22b0daa1b3f0ac5d91cc1a057d230995590847cd

Fixed

94e538aebbc9f9c529e8b1f2eda860cfb8c473b1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4"
        }
    ]
}

Affected versions

Other

ffmpeg-0.*

ffmpeg-0.6.3

n0.*

n0.10

n0.10.1

n0.10.10

n0.10.11

n0.10.12

n0.10.13

n0.10.14

n0.10.15

n0.10.16

n0.10.2

n0.10.3

n0.10.4

n0.10.5

n0.10.6

n0.10.7

n0.10.8

n0.10.9

n0.11

n0.11-dev

n0.11.1

n0.11.2

n0.11.3

n0.11.4

n0.11.5

n0.12-dev

n0.5.10

n0.5.11

n0.5.12

n0.5.13

n0.5.14

n0.5.15

n0.5.5

n0.5.6

n0.5.7

n0.5.8

n0.5.9

n0.6.4

n0.6.5

n0.6.6

n0.6.7

n0.7.1

n0.7.10

n0.7.11

n0.7.12

n0.7.13

n0.7.14

n0.7.15

n0.7.16

n0.7.17

n0.7.2

n0.7.3

n0.7.4

n0.7.5

n0.7.6

n0.7.7

n0.7.8

n0.7.9

n0.8

n0.8.1

n0.8.10

n0.8.11

n0.8.12

n0.8.13

n0.8.14

n0.8.15

n0.8.2

n0.8.3

n0.8.4

n0.8.5

n0.8.6

n0.8.7

n0.8.8

n0.8.9

n0.9

n0.9.1

n0.9.2

n0.9.3

n0.9.4

n1.*

n1.0

n1.0.1

n1.0.10

n1.0.2

n1.0.3

n1.0.4

n1.0.5

n1.0.6

n1.0.7

n1.0.8

n1.0.9

n1.1

n1.1-dev

n1.1.1

n1.1.10

n1.1.11

n1.1.12

n1.1.13

n1.1.14

n1.1.15

n1.1.16

n1.1.2

n1.1.3

n1.1.4

n1.1.5

n1.1.6

n1.1.7

n1.1.8

n1.1.9

n1.2

n1.2-dev

n1.2.1

n1.2.10

n1.2.11

n1.2.12

n1.2.2

n1.2.3

n1.2.4

n1.2.5

n1.2.6

n1.2.7

n1.2.8

n1.2.9

n1.3-dev

n2.*

n2.0

n2.0.1

n2.0.2

n2.0.3

n2.0.4

n2.0.5

n2.0.6

n2.0.7

n2.1

n2.1-dev

n2.1.1

n2.1.2

n2.1.3

n2.1.4

n2.1.5

n2.1.6

n2.1.7

n2.1.8

n2.2

n2.2-dev

n2.2-rc1

n2.2-rc2

n2.2.1

n2.2.10

n2.2.11

n2.2.12

n2.2.13

n2.2.14

n2.2.15

n2.2.16

n2.2.2

n2.2.3

n2.2.4

n2.2.5

n2.2.6

n2.2.7

n2.2.8

n2.2.9

n2.3

n2.3-dev

n2.3.1

n2.3.2

n2.3.3

n2.3.4

n2.3.5

n2.3.6

n2.4

n2.4-dev

n2.4.1

n2.4.10

n2.4.11

n2.4.12

n2.4.13

n2.4.14

n2.4.2

n2.4.3

n2.4.4

n2.4.5

n2.4.6

n2.4.7

n2.4.8

n2.4.9

n2.5

n2.5-dev

n2.5.1

n2.5.10

n2.5.11

n2.5.2

n2.5.3

n2.5.4

n2.5.5

n2.5.6

n2.5.7

n2.5.8

n2.5.9

n2.6

n2.6-dev

n2.6.1

n2.6.2

n2.6.3

n2.6.4

n2.6.5

n2.6.6

n2.6.7

n2.6.8

n2.6.9

n2.7

n2.7-dev

n2.7.1

n2.7.2

n2.7.3

n2.7.4

n2.7.5

n2.7.6

n2.7.7

n2.8

n2.8-dev

n2.8.1

n2.8.10

n2.8.11

n2.8.12

n2.8.13

n2.8.14

n2.8.15

n2.8.16

n2.8.17

n2.8.18

n2.8.19

n2.8.2

n2.8.20

n2.8.21

n2.8.22

n2.8.3

n2.8.4

n2.8.5

n2.8.6

n2.8.7

n2.8.8

n2.8.9

n2.9-dev

n3.*

n3.0

n3.1

n3.1-dev

n3.1.1

n3.1.10

n3.1.11

n3.1.2

n3.1.3

n3.1.4

n3.1.5

n3.1.6

n3.1.7

n3.1.8

n3.1.9

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.11

n3.2.12

n3.2.13

n3.2.14

n3.2.15

n3.2.16

n3.2.17

n3.2.18

n3.2.19

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.3.3

n3.3.4

n3.3.5

n3.3.6

n3.3.7

n3.3.8

n3.3.9

n3.4-dev

v0.*

v0.5

v0.5.1

v0.5.2

v0.5.3

v0.6

v0.6.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16840.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "135818594614901672732146968676385056856",
                "248125806350867737154119266375215529082",
                "186133846001445467985421406694757432229",
                "63482696116901264408691652824731083733",
                "257204787779104618254370894359176384064",
                "175904524801985787039735545992937190833",
                "99626077389251573496303213197947429264",
                "237349011077517403735766500451654610691"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-094792fd",
        "target": {
            "file": "libavcodec/vc2enc_dwt.h"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "335363604367117808748188825808816569480",
            "length": 5192.0
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-28a4c539",
        "target": {
            "file": "libavcodec/vc2enc.c",
            "function": "vc2_encode_init"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "197305430240602816591644314383776055292",
                "67111441144557061660701597356442478488",
                "137925606817059743193280873001912113898",
                "74440525678306990342453025535523734246",
                "172298131143932485841285047965883868080"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-465c152d",
        "target": {
            "file": "libavcodec/vc2enc.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "268327022686470612313326723529605010299",
            "length": 323.0
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-4786e35c",
        "target": {
            "file": "libavcodec/vc2enc_dwt.c",
            "function": "ff_vc2enc_init_transforms"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "46399139728623671936880676747376363104",
            "length": 69.0
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-67d2348c",
        "target": {
            "file": "libavcodec/vc2enc_dwt.c",
            "function": "ff_vc2enc_free_transforms"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "53795763754123074629229590708092510091",
                "80350097047626985864507570491897652593",
                "135965666273098394188915963956646392453",
                "303737012275246568064756864032559436743",
                "40117645717818657865657395139437859457",
                "79147293561506676442283515161020790479",
                "119905777158287688855604005386924491997",
                "24706128928333116285719656482873298185",
                "260918295490888607884998935979156143138",
                "300707498807955112852161934854568824612",
                "61036244475108607892019035979117532090",
                "316919907739127694507247972126559813512",
                "180660775057073708108545038031223728538"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1",
        "id": "CVE-2017-16840-a87bf187",
        "target": {
            "file": "libavcodec/vc2enc_dwt.c"
        }
    }
]