{"id":"CVE-2017-9996","details":"The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","modified":"2026-04-16T01:47:46.051671993Z","published":"2017-06-28T06:29:00.613Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99323"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1378"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1427"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660"},{"type":"ADVISORY","url":"https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1378"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1427"},{"type":"REPORT","url":"https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660"},{"type":"REPORT","url":"https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"1e42736b95065c69a7481d0cf55247024f54b660"},{"introduced":"0"},{"fixed":"e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9996.json","vanir_signatures":[{"id":"CVE-2017-9996-2f0ad500","signature_type":"Function","deprecated":false,"target":{"function":"cdxl_decode_frame","file":"libavcodec/cdxl.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d","digest":{"length":2357,"function_hash":"232012547363536280629733976652993635058"},"signature_version":"v1"},{"id":"CVE-2017-9996-c0e84502","signature_type":"Line","deprecated":false,"target":{"file":"libavcodec/cdxl.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d","digest":{"threshold":0.9,"line_hashes":["9541136662425234999368121051517161174","335429220255434529045940017495389620699","282632619432198648312553285132640172496","117934805132091481606501704046257057968"]},"signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}