{"id":"CVE-2017-7208","details":"The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.","modified":"2026-04-11T16:24:20.696108Z","published":"2017-03-21T06:59:00.447Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/97005"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4012"},{"type":"REPORT","url":"https://bugzilla.libav.org/show_bug.cgi?id=1000"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libav/libav","events":[{"introduced":"0"},{"last_affected":"620810803b36e02cfbbfb1cb737dc25f858858cd"}],"database_specific":{"cpe":"cpe:2.3:a:libav:libav:9.21:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"9.21"}]}}],"versions":["v0.7","v0.7b1","v0.7b2","v0.7rc1","v0.8","v0.8b1","v0.8b2","v9","v9.1","v9.10","v9.11","v9.12","v9.13","v9.14","v9.15","v9.15.1","v9.16","v9.17","v9.18","v9.19","v9.2","v9.20","v9.21","v9.3","v9.4","v9.5","v9.6","v9.7","v9.8","v9.9","v9_beta1","v9_beta2","v9_beta3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7208.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}