ID CVE-2017-17555
Summary The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
References
Vulnerable Configurations
  • cpe:2.3:a:aubio:aubio:0.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:aubio:aubio:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:libswresample:3.0.101:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:libswresample:3.0.101:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
misc https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
suse openSUSE-SU-2020:0024
Last major update 13-08-2018 - 21:47
Published 12-12-2017 - 01:29
Last modified 13-08-2018 - 21:47
Back to Top