ffmpeg, libav
2017-10-23 14:19
CVE-2017-7863 ffmpeg
CVE-2017-7863 libav
2017-06-16 19:22
2017-05-10 23:49
2017-04-25 14:03
2017-04-15 05:03


FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
upstream ffmpeg 7:3.2.4-1
xenial ffmpeg None


Release Package Reason
precise libav not-affected
ffmpeg DNE
precise/esm libav DNE
ffmpeg DNE
trusty libav not-affected
ffmpeg DNE
vivid/stable-phone-overlay libav DNE
ffmpeg DNE
vivid/ubuntu-core libav DNE
ffmpeg DNE
xenial libav DNE
yakkety libav DNE
ffmpeg not-affected
zesty libav DNE
ffmpeg not-affected
artful libav DNE
ffmpeg not-affected
devel libav DNE
ffmpeg not-affected

Needs Triage

Release Package Reason
upstream libav needs-triage