ffmpeg, libav
2017-10-23 14:20
CVE-2017-7865 ffmpeg
CVE-2017-7865 libav
2017-06-16 19:22
2017-05-10 23:49
2017-04-17 19:03


FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
trusty libav None
upstream ffmpeg 7:3.2.4-1
xenial ffmpeg 7:2.8.11-0ubuntu0.16.04.1
yakkety ffmpeg 7:3.0.7-0ubuntu0.16.10.1


Release Package Reason
precise libav not-affected
ffmpeg DNE
precise/esm libav DNE
ffmpeg DNE
vivid/stable-phone-overlay libav DNE
ffmpeg DNE
vivid/ubuntu-core libav DNE
ffmpeg DNE
xenial libav DNE
yakkety libav DNE
zesty libav DNE
ffmpeg not-affected
artful libav DNE
ffmpeg not-affected
devel libav DNE
ffmpeg not-affected
trusty ffmpeg DNE

Needs Triage

Release Package Reason
upstream libav needs-triage