http://bugzilla.opensuse.org/show_bug.cgi?id=1070762 Bug ID: 1070762 Summary: VUL-0: CVE-2017-17081: ffmpeg: The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does notproperly validate widths and heights, which allows remote attackers to cause adenial of service (integer signedness error and out-of-array Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/196004/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance Assignee: jengelh@inai.de Reporter: vpereira@microfocus.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2017-17081 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17081 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17081.html http://www.cvedetails.com/cve/CVE-2017-17081/ https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833... https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1 -- You are receiving this mail because: You are on the CC list for the bug.