{"id":"CVE-2017-11719","details":"The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.","modified":"2026-02-24T11:19:47.635674Z","published":"2017-07-28T05:29:00.980Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3957"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100020"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92"},{"type":"REPORT","url":"https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"296debd213bd6dce7647cedd34eb64e5b94cdc92"},{"introduced":"0"},{"fixed":"f31fc4755f69ab26bf6e8be47875b7dcede8e29e"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.0","n3.0.1","n3.0.2","n3.0.3","n3.0.4","n3.0.5","n3.0.6","n3.0.7","n3.0.8","n3.0.9","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e","signature_version":"v1","digest":{"line_hashes":["100318797512033389861596406043917782503","42408459506568958247370082256356681273","100367277278541251270000646040197848271","96566641927395137501024928058526547591","286852269919824558371675813279522387154","312411931610969508313865823536847928594","95054869301316943179642178040691984832","62623119817135350831957929639482943635","280972317271835893866219047354187031203","95172754879147607128967802744936275167","174214833522849791567883213859353312572"],"threshold":0.9},"signature_type":"Line","id":"CVE-2017-11719-078497e0","target":{"file":"libavcodec/dnxhddec.c"}},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92","signature_version":"v1","digest":{"line_hashes":["201767448780033427295959325489329433342","42408459506568958247370082256356681273","100367277278541251270000646040197848271","96566641927395137501024928058526547591","286852269919824558371675813279522387154","312411931610969508313865823536847928594","95054869301316943179642178040691984832","62623119817135350831957929639482943635","280972317271835893866219047354187031203","95172754879147607128967802744936275167","174214833522849791567883213859353312572"],"threshold":0.9},"signature_type":"Line","id":"CVE-2017-11719-4cc60eb6","target":{"file":"libavcodec/dnxhddec.c"}},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92","signature_version":"v1","digest":{"length":5395,"function_hash":"172783280181002362027889072661273690051"},"signature_type":"Function","id":"CVE-2017-11719-8a35a4ce","target":{"file":"libavcodec/dnxhddec.c","function":"dnxhd_decode_header"}},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/f31fc4755f69ab26bf6e8be47875b7dcede8e29e","signature_version":"v1","digest":{"length":5024,"function_hash":"280771450698735831455461045613898131147"},"signature_type":"Function","id":"CVE-2017-11719-ddb34b56","target":{"file":"libavcodec/dnxhddec.c","function":"dnxhd_decode_header"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11719.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}