CVE-2017-17555

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2017-17555
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aubio:aubio:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:3.4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ffmpeg:libswresample:*:*:*:*:*:*:*:*
Information

Published : 2017-12-11 17:29

Updated : 2018-08-13 14:47

NVD link : CVE-2017-17555

Mitre link : CVE-2017-17555

JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa
Products Affected

ffmpeg

  • libswresample
  • ffmpeg

aubio

  • aubio