Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-9994

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

Related bugs and status

CVE-2017-9994 (Candidate) is related to these bugs:

Bug #1697785: Update to 2.8.14 in Xenial

Summary				In	Importance	Status
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu)	Undecided	Invalid
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.chromium....
MISC: https://bugs.chromium....
MISC: https://github.com/FFm...
BID: 99317
MLIST: [debian-lts-announce] ...