CVE-2017-9996
- Source
- https://cve.org/CVERecord?id=CVE-2017-9996
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9996.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-9996
- Downstream
- Related
- Published
- 2017-06-28T06:29:00.613Z
- Modified
- 2026-03-15T14:30:06.169514Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The cdxldecodeframe function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
- References
-
- http://www.securityfocus.com/bid/99323
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1378
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1427
- https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
- https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
Affected packages
Git / github.com/ffmpeg/ffmpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ffmpeg/ffmpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.8" }, { "introduced": "0" }, { "last_affected": "2.8.1" }, { "introduced": "0" }, { "last_affected": "2.8.2" }, { "introduced": "0" }, { "last_affected": "2.8.3" }, { "introduced": "0" }, { "last_affected": "2.8.4" }, { "introduced": "0" }, { "last_affected": "2.8.5" }, { "introduced": "0" }, { "last_affected": "2.8.6" }, { "introduced": "0" }, { "last_affected": "2.8.7" }, { "introduced": "0" }, { "last_affected": "2.8.8" }, { "introduced": "0" }, { "last_affected": "2.8.9" }, { "introduced": "0" }, { "last_affected": "2.8.10" }, { "introduced": "0" }, { "last_affected": "2.8.11" }, { "introduced": "0" }, { "last_affected": "3.0" }, { "introduced": "0" }, { "last_affected": "3.0.1" }, { "introduced": "0" }, { "last_affected": "3.0.2" }, { "introduced": "0" }, { "last_affected": "3.0.3" }, { "introduced": "0" }, { "last_affected": "3.0.4" }, { "introduced": "0" }, { "last_affected": "3.0.5" }, { "introduced": "0" }, { "last_affected": "3.0.6" }, { "introduced": "0" }, { "last_affected": "3.0.7" }, { "introduced": "0" }, { "last_affected": "3.1" }, { "introduced": "0" }, { "last_affected": "3.1.1" }, { "introduced": "0" }, { "last_affected": "3.1.2" }, { "introduced": "0" }, { "last_affected": "3.1.3" }, { "introduced": "0" }, { "last_affected": "3.1.4" }, { "introduced": "0" }, { "last_affected": "3.1.5" }, { "introduced": "0" }, { "last_affected": "3.1.6" }, { "introduced": "0" }, { "last_affected": "3.1.7" }, { "introduced": "0" }, { "last_affected": "3.2" }, { "introduced": "0" }, { "last_affected": "3.2.1" }, { "introduced": "0" }, { "last_affected": "3.2.2" }, { "introduced": "0" }, { "last_affected": "3.2.3" }, { "introduced": "0" }, { "last_affected": "3.2.4" }, { "introduced": "0" }, { "last_affected": "3.3" } ] }
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9996.json"
vanir_signatures
[
{
"id": "CVE-2017-9996-2f0ad500",
"signature_type": "Function",
"digest": {
"function_hash": "232012547363536280629733976652993635058",
"length": 2357.0
},
"target": {
"file": "libavcodec/cdxl.c",
"function": "cdxl_decode_frame"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-9996-7fcd8b63",
"signature_type": "Line",
"digest": {
"line_hashes": [
"253968693662442934354663313725314224920",
"155954498066262174679898175888474969919",
"271068582030536723487794266941703843721",
"22086510837230335350562603478408771661"
],
"threshold": 0.9
},
"target": {
"file": "libavcodec/cdxl.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-9996-c0e84502",
"signature_type": "Line",
"digest": {
"line_hashes": [
"9541136662425234999368121051517161174",
"335429220255434529045940017495389620699",
"282632619432198648312553285132640172496",
"117934805132091481606501704046257057968"
],
"threshold": 0.9
},
"target": {
"file": "libavcodec/cdxl.c"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2017-9996-cf24cf4d",
"signature_type": "Function",
"digest": {
"function_hash": "218522419038422982971272059869302486306",
"length": 2384.0
},
"target": {
"file": "libavcodec/cdxl.c",
"function": "cdxl_decode_frame"
},
"source": "https://github.com/ffmpeg/ffmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660",
"signature_version": "v1",
"deprecated": false
}
]