What is the severity of CVE-2017-16803?

CVE-2017-16803 has a medium severity due to its potential to cause denial of service through application crashes.

How do I fix CVE-2017-16803?

To fix CVE-2017-16803, update to Libav version 11.12 or later, or use the specified versions of ffmpeg provided by Debian.

Who is affected by CVE-2017-16803?

CVE-2017-16803 affects users running Libav versions up to 11.11 and the 12.x versions up to 12.1, as well as specific versions of ffmpeg.

What type of attack does CVE-2017-16803 facilitate?

CVE-2017-16803 facilitates remote denial of service attacks by allowing out-of-bounds reads, which can crash the application.

What is the main cause of CVE-2017-16803?

The main cause of CVE-2017-16803 is the lack of proper restrictions on tree recursion within the smacker_decode_tree function.

Vulnerability/
CVE-2017-16803

high

7.5

CWE

119

13/11/2017

27/11/2018

CVE-2017-16803: Buffer Overflow

First published: Mon Nov 13 2017(Updated: )

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/ffmpeg		7:4.1.9-0+deb10u1 7:4.1.11-0+deb10u1 7:4.3.6-0+deb11u1 7:5.1.3-1 7:6.0-7
libavutil	<=11.11
libavutil	=12.0
libavutil	=12.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-16803?
CVE-2017-16803 has a medium severity due to its potential to cause denial of service through application crashes.
How do I fix CVE-2017-16803?
To fix CVE-2017-16803, update to Libav version 11.12 or later, or use the specified versions of ffmpeg provided by Debian.
Who is affected by CVE-2017-16803?
CVE-2017-16803 affects users running Libav versions up to 11.11 and the 12.x versions up to 12.1, as well as specific versions of ffmpeg.
What type of attack does CVE-2017-16803 facilitate?
CVE-2017-16803 facilitates remote denial of service attacks by allowing out-of-bounds reads, which can crash the application.
What is the main cause of CVE-2017-16803?
The main cause of CVE-2017-16803 is the lack of proper restrictions on tree recursion within the smacker_decode_tree function.

collector/security-tracker-debian
agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
vendor/libav
canonical/libavutil
version/libavutil/11.11
version/libavutil/12.0
version/libavutil/12.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.