VDB
CVE-2017-17081
CVE-2017-17081
PUBLISHED
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
EPSS 0.53% · 67.4th percentile
Risk Scores
EPSS Score
0.53%
67.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | qtwebengine-opensource-src | 0, *, * |
| Ubuntu:18.04:LTS | qtwebengine-opensource-src | 5.9.3+dfsg-0ubuntu1, *, 5.9.5+dfsg-0ubuntu2 |
| Ubuntu:25.10 | qtwebengine-opensource-src | 0, 5.15.19+dfsg2-1, * |
| Ubuntu:16.04:LTS | ffmpeg | *, 0, 7:2.7.2-1build1 |
| Ubuntu:16.04:LTS | oxide-qt | 1.12.6-0ubuntu1, 1.12.7-0ubuntu1, 1.13.6-0ubuntu1 |
| Ubuntu:22.04:LTS | qtwebengine-opensource-src | 0, 5.15.6+dfsg-2, 5.15.6+dfsg-1 |
| Ubuntu:24.04:LTS | qtwebengine-opensource-src | 5.15.15+dfsg-2ubuntu1, 5.15.15+dfsg-2, 0 |
Timeline
- Nov 30, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- May 13, 2022 CVE Updated
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-17081 third-party-advisory
- https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-17081 third-party-advisory