Skip to main content

Libav CVE-2017-7208

HIGH
Out-of-bounds Read (CWE-125)
2017-03-21 cve@mitre.org
7.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 21, 2017 - 06:59 cve.org
HIGH 7.1

DescriptionCVE.org

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

AnalysisAI

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. Affected products include: Libav.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Libav

View all
CVE-2017-17130 HIGH POC
8.8 Dec 04

The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial

CVE-2017-17129 HIGH POC
8.8 Dec 04

The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of ser

CVE-2019-9719 HIGH POC
8.8 Sep 19

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted

CVE-2018-5766 HIGH POC
8.8 Jan 18

In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Rated high sev

CVE-2018-5684 HIGH POC
8.8 Jan 14

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Ra

CVE-2014-3984 CRITICAL
10.0 Jun 06

Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. R

CVE-2017-11684 HIGH POC
7.5 Jul 27

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to

CVE-2017-9987 HIGH POC
7.5 Jun 28

There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. Rated high severi

CVE-2012-0947 MEDIUM POC
6.8 Aug 20

Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x b

CVE-2012-0853 MEDIUM POC
6.8 Aug 20

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.

CVE-2014-5271 HIGH
7.5 Nov 03

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x

CVE-2012-5144 CRITICAL
10.0 Dec 12

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC deco

Share

CVE-2017-7208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy