Lucene search

[email protected]NVD:CVE-2017-17555

HistoryDec 12, 2017 - 1:29 a.m.

CVE-2017-17555

2017-12-1201:29:00

CWE-476

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

Affected configurations

Nvd

Node

aubioaubioMatch0.4.6

ffmpegffmpegMatch3.4.1

Node

ffmpeglibswresampleRange≤3.0.101

VendorProductVersionCPE
aubioaubio0.4.6cpe:2.3:a:aubio:aubio:0.4.6:*:*:*:*:*:*:*
ffmpegffmpeg3.4.1cpe:2.3:a:ffmpeg:ffmpeg:3.4.1:*:*:*:*:*:*:*
ffmpeglibswresample*cpe:2.3:a:ffmpeg:libswresample:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aubio	aubio	0.4.6	cpe:2.3:a:aubio:aubio:0.4.6:::::::*
ffmpeg	ffmpeg	3.4.1	cpe:2.3:a:ffmpeg:ffmpeg:3.4.1:::::::*
ffmpeg	libswresample	*	cpe:2.3:a:ffmpeg:libswresample::::::::

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html

github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference%28DoS%29%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md