Search for vulnerabilities
Vulnerability details: VCID-mp12-nmvu-aaad
Vulnerability ID VCID-mp12-nmvu-aaad
Aliases CVE-2017-16840
Summary The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
generic_textual Medium http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16840.html
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.00531 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01585 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
epss 0.03687 https://api.first.org/data/v1/epss?cve=CVE-2017-16840
generic_textual Untriaged https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-16840
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16840
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16840
archlinux Medium https://security.archlinux.org/AVG-516
Reference id Reference type URL
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16840.html
https://api.first.org/data/v1/epss?cve=CVE-2017-16840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
https://github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1
https://www.debian.org/security/2017/dsa-4049
http://www.securityfocus.com/bid/101924
AVG-516 https://security.archlinux.org/AVG-516
cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-16840 https://nvd.nist.gov/vuln/detail/CVE-2017-16840
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16840
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16840
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16840
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.73621
EPSS Score 0.00412
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.