CVE-2017-7866

Metadata

high
7.5
ffmpeg, libav
CVE-2017-7866
cve.mitre.org, bugs.chromium.org, github.com
2017-04-14
2017-06-16 19:22
CVE-2017-7866 libav
CVE-2017-7866 ffmpeg
2017-04-17 19:03

Description

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
upstream ffmpeg 7:3.2.4-1
xenial ffmpeg 7:2.8.11-0ubuntu0.16.04.1
yakkety ffmpeg 7:3.0.7-0ubuntu0.16.10.1

Unaffected

Release Package Reason
precise libav not-affected
ffmpeg DNE
trusty libav not-affected
ffmpeg DNE
vivid/stable-phone-overlay libav DNE
ffmpeg DNE
vivid/ubuntu-core libav DNE
ffmpeg DNE
xenial libav DNE
yakkety libav DNE
zesty libav DNE
ffmpeg not-affected
devel libav DNE
ffmpeg not-affected

Needs Triage

Release Package Reason
upstream libav needs-triage