{"id":"CVE-2017-9990","details":"Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","modified":"2026-02-24T01:12:06.359488Z","published":"2017-06-28T06:29:00.427Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99313"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"cb243972b121b1ae6b60a78ff55a0506c69f3879"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9990.json","vanir_signatures":[{"target":{"file":"libavcodec/xpmdec.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879","id":"CVE-2017-9990-13e1b464","digest":{"threshold":0.9,"line_hashes":[]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"target":{"function":"color_string_to_rgba","file":"libavcodec/xpmdec.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879","id":"CVE-2017-9990-220540a9","digest":{"function_hash":"306163589064803581275795265117018843344","length":1299},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"target":{"function":"xpm_decode_close","file":"libavcodec/xpmdec.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879","id":"CVE-2017-9990-9bbbbc08","digest":{"function_hash":"80469976479162606051254647122926621788","length":120},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"target":{"function":"xpm_decode_frame","file":"libavcodec/xpmdec.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879","id":"CVE-2017-9990-b59f620e","digest":{"function_hash":"73035522207412136017241348420352390378","length":2381},"deprecated":false,"signature_version":"v1","signature_type":"Function"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}