CVE-2017-9608

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

Fixed

431ccd3f55eae8732fe901622660c52fc712cc25

Introduced

efa89a841941bf61d1a3eb5c2900f98e3e7db85b

Fixed

9079c70d2095643af6954001d0627445650b85a6

Fixed

0a709e2a10b8288a0cc383547924ecfe285cef89

Fixed

31c1c0b46a7021802c3d1d18039fca30dba5a14e

Fixed

611b35627488a8d0763e75c25ee0875c5b7987dd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.6"
        },
        {
            "introduced": "3.3"
        },
        {
            "fixed": "3.3.3"
        }
    ]
}

Affected versions

n3.*

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.4-dev

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57461358337514712756395136655201152808",
                "80245587019904202682570818294677321241",
                "247987104724374446862500083383862797627",
                "136516107736779889432496692360651853885",
                "255459594875552099711272227410435093620",
                "206698390374465263881690078608755966825",
                "110928872312797958069881088590198265328",
                "81356332768943735539026862844028969216",
                "114758231203302998653824498950488246886",
                "328106599903300457399776673683261929738",
                "206000672969287918923774033882627951319",
                "307142452002623859979927565029061953571"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-9608-2a919bd9",
        "target": {
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e"
    },
    {
        "digest": {
            "length": 1782.0,
            "function_hash": "89707297390371257070099533510679552519"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-9608-39d461a0",
        "target": {
            "function": "dnxhd_find_frame_end",
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57461358337514712756395136655201152808",
                "80245587019904202682570818294677321241",
                "247987104724374446862500083383862797627",
                "136516107736779889432496692360651853885",
                "255459594875552099711272227410435093620",
                "206698390374465263881690078608755966825",
                "110928872312797958069881088590198265328",
                "81356332768943735539026862844028969216",
                "114758231203302998653824498950488246886",
                "156998456537400884220674302983198554191",
                "325436162585347255892603977106384527528",
                "280945907134446947319404938646302632133"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-9608-84fa9a4b",
        "target": {
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89"
    },
    {
        "digest": {
            "length": 1532.0,
            "function_hash": "2601796132145701510809948212467564680"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-9608-9ed20a68",
        "target": {
            "function": "dnxhd_find_frame_end",
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57461358337514712756395136655201152808",
                "80245587019904202682570818294677321241",
                "247987104724374446862500083383862797627",
                "136516107736779889432496692360651853885",
                "255459594875552099711272227410435093620",
                "275354664576526898216108658457417285073",
                "246617255682840904383175229502656738661",
                "3413330245974307559533751462905375835",
                "122422883785111637006293168254662554174",
                "156998456537400884220674302983198554191",
                "325436162585347255892603977106384527528",
                "280945907134446947319404938646302632133"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-9608-cdb5746b",
        "target": {
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd"
    },
    {
        "digest": {
            "length": 1532.0,
            "function_hash": "2601796132145701510809948212467564680"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-9608-d289a3db",
        "target": {
            "function": "dnxhd_find_frame_end",
            "file": "libavcodec/dnxhd_parser.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9608.json"