Search for vulnerabilities
Vulnerability details: VCID-g5e6-nvsq-aaaj
Vulnerability ID VCID-g5e6-nvsq-aaaj
Aliases CVE-2017-15672
Summary The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15672.html
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01164 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01226 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01311 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01311 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01311 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.01311 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
epss 0.02062 https://api.first.org/data/v1/epss?cve=CVE-2017-15672
generic_textual Untriaged https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15672
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15672
Reference id Reference type URL
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c20f4fcb74da2d0432c7b54499bb98f48236b904
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15672.html
https://api.first.org/data/v1/epss?cve=CVE-2017-15672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html
https://www.debian.org/security/2017/dsa-4049
http://www.openwall.com/lists/oss-security/2017/11/03/4
http://www.securityfocus.com/bid/101690
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-15672 https://nvd.nist.gov/vuln/detail/CVE-2017-15672
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-15672
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-15672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81589
EPSS Score 0.00763
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.