Skip to main content

Libav CVE-2017-7206

HIGH
Out-of-bounds Read (CWE-125)
2017-03-21 cve@mitre.org
7.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 21, 2017 - 06:59 cve.org
HIGH 7.1

DescriptionCVE.org

The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

AnalysisAI

The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. Affected products include: Libav.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Libav

View all
CVE-2017-17130 HIGH POC
8.8 Dec 04

The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial

CVE-2017-17129 HIGH POC
8.8 Dec 04

The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of ser

CVE-2019-9719 HIGH POC
8.8 Sep 19

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted

CVE-2018-5766 HIGH POC
8.8 Jan 18

In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Rated high sev

CVE-2018-5684 HIGH POC
8.8 Jan 14

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Ra

CVE-2014-3984 CRITICAL
10.0 Jun 06

Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. R

CVE-2017-11684 HIGH POC
7.5 Jul 27

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to

CVE-2017-9987 HIGH POC
7.5 Jun 28

There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. Rated high severi

CVE-2012-0947 MEDIUM POC
6.8 Aug 20

Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x b

CVE-2012-0853 MEDIUM POC
6.8 Aug 20

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.

CVE-2014-5271 HIGH
7.5 Nov 03

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x

CVE-2012-5144 CRITICAL
10.0 Dec 12

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC deco

Share

CVE-2017-7206 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy