CVE-2017-5024 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

5.5MEDIUMNVD

OSV6.1

EPSS

0.2%

top 57.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Google Chrome

Timeline

PublishedFeb 17

Latest updateMay 14

Description

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/chrome55.0.2883.87

▶debiandebian/ffmpeg< ffmpeg 7:3.2.4-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:3.2.4-1+3

🔴Vulnerability Details

GHSA

GHSA-r7gq-p438-29xg: FFmpeg in Google Chrome prior to 56↗2022-05-14

▶

OSV

CVE-2017-5024: FFmpeg in Google Chrome prior to 56↗2017-02-17

▶

OSV

oxide-qt vulnerabilities↗2017-02-08

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2017-02-08

▶

Red Hat

chromium-browser: heap overflow in ffmpeg↗2017-01-25

▶

Debian

CVE-2017-5024: ffmpeg - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed...↗2017

▶

💬Community

Bugzilla

CVE-2017-5024 chromium-browser: heap overflow in ffmpeg↗2017-01-26

▶

Bugzilla

chromium: various flaws [fedora-all]↗2017-01-26

▶