{"id":"CVE-2017-7863","details":"FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.","modified":"2026-02-24T01:11:31.362367Z","published":"2017-04-14T04:59:00.507Z","related":["openSUSE-SU-2017:1532-1","openSUSE-SU-2024:10754-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97675"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"e477f09d0b3619f3d29173b2cd593e17e2d1978e"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7863.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2017-7863-0d294038","signature_type":"Line","target":{"file":"libavcodec/pngdec.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["282977772222839905854240064943096062902","278148970362855129459247544722225696339","298380413604141503923794206437050241987","143259991541676878253750557310545517575","86856997118619733223480574003708215738","87341394385815980187858661066954617682","104447325692181378297223751637690104946","310201155084108673074383458679907859396","267580968104183235900814774202952633795","160113816113473237607329907433764805782"]},"source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"},{"signature_version":"v1","id":"CVE-2017-7863-86a15797","signature_type":"Function","target":{"function":"decode_trns_chunk","file":"libavcodec/pngdec.c"},"deprecated":false,"digest":{"length":1028,"function_hash":"185143868364516893484784678909185451635"},"source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"},{"signature_version":"v1","id":"CVE-2017-7863-ec0be270","signature_type":"Function","target":{"function":"decode_frame_common","file":"libavcodec/pngdec.c"},"deprecated":false,"digest":{"length":5444,"function_hash":"88211801093252918589128175885575646148"},"source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}