CVE-2017-17555

Summary

CVE	CVE-2017-17555
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-12-12 01:29:00 UTC
Updated	2023-11-07 02:41:00 UTC
Description	The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Aubio	Aubio	0.4.6	All	All	All
Application	Aubio	Aubio	0.4.6	All	All	All
Application	Ffmpeg	Ffmpeg	3.4.1	All	All	All
Application	Ffmpeg	Ffmpeg	3.4.1	All	All	All
Application	Ffmpeg	Libswresample	All	All	All	All

References

Reference	Source	Link	Tags
vulnerability/An NULL pointer dereference(DoS) Vulnerability was found in function swri_audio_convert of ffmpeg libswresample.md at master · Iv4n550/vulnerability · GitHub		github.com
[security-announce] openSUSE-SU-2020:0024-1: moderate: Security update f	SUSE	lists.opensuse.org
vulnerability/An NULL pointer dereference(DoS) Vulnerability was found in function swri_audio_convert of ffmpeg libswresample.md at master · Iv4n550/vulnerability · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.