Candidate: CVE-2017-16840
PublicDate: 2017-11-21 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
Description:
 The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote
 attackers to cause a denial of service (out-of-bounds read) because of
 incorrect buffer padding for non-Haar wavelets, related to
 libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ffmpeg:
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: not-affected (code not present)
zesty_ffmpeg: ignored (reached end-of-life)
artful_ffmpeg: ignored (reached end-of-life)
bionic_ffmpeg: not-affected (7:3.4.1-1)
devel_ffmpeg: not-affected (7:3.4.1-1)