{"id":"CVE-2017-11399","details":"Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.","modified":"2026-02-24T11:20:35.591544Z","published":"2017-07-17T19:29:00.260Z","related":["MGASA-2018-0008","openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/100019"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3957"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0"},{"type":"REPORT","url":"https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"96349da5ec8eda9f0368446e557fe0c8ba0e66b7"},{"introduced":"0"},{"fixed":"ba4beaf6149f7241c8bd85fe853318c2f6837ad0"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4","n2.4-dev","n2.4.1","n2.4.10","n2.4.11","n2.4.12","n2.4.13","n2.4.2","n2.4.3","n2.4.4","n2.4.5","n2.4.6","n2.4.7","n2.4.8","n2.4.9","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev"],"database_specific":{"vanir_signatures":[{"target":{"file":"libavcodec/apedec.c","function":"ape_decode_frame"},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0","id":"CVE-2017-11399-01efdeaa","signature_type":"Function","deprecated":false,"digest":{"function_hash":"87176752411722899504371359328285937876","length":3671}},{"target":{"file":"libavcodec/apedec.c","function":"ape_decode_frame"},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7","id":"CVE-2017-11399-213aa6bf","signature_type":"Function","deprecated":false,"digest":{"function_hash":"87176752411722899504371359328285937876","length":3671}},{"target":{"file":"libavcodec/apedec.c"},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/96349da5ec8eda9f0368446e557fe0c8ba0e66b7","id":"CVE-2017-11399-80e17083","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["177999553618233406099160346547166088791","281223753256772375036123618331410352373","199164221402197121088267992248830992347","169419787339443002891149286306600929292","56850444523076892724772510557272670354","221530794161267527451934110621744540079","91020754815393809385049182583261956577","261895714190720812252645883656072875919","148134308668535936659433678929467899088","122865138154188195948536146745425143364","312551744281684646392193375890382757657","81074086178002383079696892734312808795","86894163162987399058845434280681964582"]}},{"target":{"file":"libavcodec/apedec.c"},"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0","id":"CVE-2017-11399-8b4379eb","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["177999553618233406099160346547166088791","281223753256772375036123618331410352373","199164221402197121088267992248830992347","169419787339443002891149286306600929292","56850444523076892724772510557272670354","221530794161267527451934110621744540079","91020754815393809385049182583261956577","261895714190720812252645883656072875919","148134308668535936659433678929467899088","122865138154188195948536146745425143364","312551744281684646392193375890382757657","81074086178002383079696892734312808795","86894163162987399058845434280681964582"]}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11399.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}