CVE-2017-5984Out-of-bounds Read in Libav

CWE-125Out-of-bounds Read6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 53.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibavDebian Ffmpeg
Timeline
PublishedMay 22
Latest updateMay 24

Description

In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibav/libav9.21
debiandebian/ffmpeg

Patches

Patch: bugzilla.libav.orgPatch: patches.libav.orgPatch: bugzilla.libav.org

🔴Vulnerability Details

2
GHSA
GHSA-mr77-7gq4-72f2: In libavcodec in Libav 92022-05-24
OSV
CVE-2017-5984: In libavcodec in Libav 92019-05-22

💥Exploits & PoCs

2
Exploit-DB
Apache CouchDB < 2.1.0 - Remote Code Execution2018-06-20
Exploit-DB
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation2018-04-23

📋Vendor Advisories

1
Debian
CVE-2017-5984: ffmpeg - In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based ...2017
CVE-2017-5984 — Out-of-bounds Read in Libav | cvebase