CVE-2017-1000460
PUBLISHED
CVSS 4.3 MEDIUM
At libavcodec/h264dec.c:500 in libav (v13_dev0), ffmpeg (n3.4), and chromium (56 prior to Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL dereference exception.
EPSS 0.22% · 44.2th percentile
Risk Scores
- CVSS v2.0: 4.3
- EPSS Score: 0.22% (44.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chrome | 0 | |
| ffmpeg | ffmpeg | 3.4 |
| libav | libav | 13_dev0 |
| n/a | n/a | n/a |
Timeline
- Jan 3, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html (url)
- https://bugzilla.libav.org/show_bug.cgi?id=952 (url)
- https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c (url)
- [debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update (mailing-list)
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000460 (advisory)