CVE-2017-9051 — NULL Pointer Dereference in Libav

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 43.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Libav

Timeline

PublishedMay 18

Latest updateMay 17

Description

libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDlibav/libav12.0

▶debiandebian/ffmpeg< ffmpeg 7:2.6.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.6.1-1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-93m5-m7h3-h2pm: libav before 12↗2022-05-17

▶

OSV

CVE-2017-9051: libav before 12↗2017-05-18

▶

📋Vendor Advisories

Debian

CVE-2017-9051: ffmpeg - libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer...↗2017

▶