{"id":"UBUNTU-CVE-2017-17081","details":"The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.","modified":"2026-05-20T16:05:15.113868074Z","published":"2017-11-30T21:29:00Z","upstream":["CVE-2017-17081"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17081"},{"type":"REPORT","url":"https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-17081"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ffmpeg?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:2.8.14-0ubuntu0.16.04.1"}]}],"versions":["7:2.7.2-1build1","7:2.8.1-1ubuntu1","7:2.8.2-1ubuntu1","7:2.8.3-1","7:2.8.4-1","7:2.8.4-1ubuntu1","7:2.8.4-1ubuntu2","7:2.8.4-1ubuntu3","7:2.8.4-1ubuntu4","7:2.8.6-1ubuntu1","7:2.8.6-1ubuntu2","7:2.8.8-0ubuntu0.16.04.1","7:2.8.10-0ubuntu0.16.04.1","7:2.8.11-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"ffmpeg"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libav-tools"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavcodec-extra"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavcodec-ffmpeg-extra56"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavcodec-ffmpeg56"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavdevice-ffmpeg56"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavfilter-ffmpeg5"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavformat-ffmpeg56"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavresample-ffmpeg2"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libavutil-ffmpeg54"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libpostproc-ffmpeg53"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libswresample-ffmpeg1"},{"binary_version":"7:2.8.14-0ubuntu0.16.04.1","binary_name":"libswscale-ffmpeg3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.9.5-0ubuntu1","1.10.3-0ubuntu0.15.10.1","1.10.3-0ubuntu0.15.10.2","1.11.3-0ubuntu3","1.11.4-0ubuntu1","1.11.5-0ubuntu1","1.12.5-0ubuntu1","1.12.6-0ubuntu1","1.12.7-0ubuntu1","1.13.6-0ubuntu1","1.14.7-0ubuntu1","1.14.9-0ubuntu0.16.04.1","1.15.7-0ubuntu0.16.04.1","1.15.8-0ubuntu0.16.04.1","1.16.5-0ubuntu0.16.04.1","1.17.7-0ubuntu0.16.04.1","1.17.9-0ubuntu0.16.04.1","1.18.3-0ubuntu0.16.04.1","1.18.5-0ubuntu0.16.04.1","1.19.4-0ubuntu0.16.04.1","1.20.4-0ubuntu0.16.04.1","1.21.5-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.21.5-0ubuntu0.16.04.1","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.21.5-0ubuntu0.16.04.1","binary_name":"liboxideqtcore0"},{"binary_version":"1.21.5-0ubuntu0.16.04.1","binary_name":"liboxideqtquick0"},{"binary_version":"1.21.5-0ubuntu0.16.04.1","binary_name":"oxideqt-codecs"},{"binary_version":"1.21.5-0ubuntu0.16.04.1","binary_name":"oxideqt-codecs-extra"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.9.1+dfsg-4","5.9.1+dfsg-4ubuntu1","5.9.2+dfsg-2ubuntu1","5.9.3+dfsg-0ubuntu1","5.9.4+dfsg-0ubuntu1","5.9.5+dfsg-0ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"libqt5webengine-data"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"libqt5webengine5"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"libqt5webenginecore5"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.9.5+dfsg-0ubuntu2","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.12.4+dfsg-1ubuntu1","5.12.4+dfsg-1ubuntu3","5.12.5+dfsg-3ubuntu1","5.12.5+dfsg-6ubuntu2","5.12.5+dfsg-7","5.12.5+dfsg-7build1","5.12.8+dfsg-0ubuntu1","5.12.8+dfsg-0ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"libqt5webengine-data"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"libqt5webengine5"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"libqt5webenginecore5"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.12.8+dfsg-0ubuntu1.1","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.6+dfsg-1","5.15.6+dfsg-2","5.15.7+dfsg-2","5.15.8+dfsg-1","5.15.8+dfsg-1build1","5.15.8+dfsg-1build2","5.15.8+dfsg-2","5.15.9+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5pdf5"},{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5pdfwidgets5"},{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5webengine-data"},{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5webengine5"},{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5webenginecore5"},{"binary_version":"5.15.9+dfsg-1","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qml-module-qtquick-pdf"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qt5-image-formats-plugin-pdf"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qtpdf5-doc-html"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qtpdf5-examples"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.15.9+dfsg-1","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.15+dfsg-2","5.15.15+dfsg-2build2","5.15.15+dfsg-2ubuntu1","5.15.16+dfsg-1","5.15.16+dfsg-1ubuntu2","5.15.16+dfsg-1ubuntu4","5.15.16+dfsg-3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5pdf5"},{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5pdfwidgets5"},{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5webengine-data"},{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5webengine5"},{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5webenginecore5"},{"binary_version":"5.15.16+dfsg-3","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qml-module-qtquick-pdf"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qt5-image-formats-plugin-pdf"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qtpdf5-doc-html"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qtpdf5-examples"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.15.16+dfsg-3","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.18+dfsg-2","5.15.18+dfsg-2build1","5.15.19+dfsg-1","5.15.19+dfsg2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5pdf5"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5pdfwidgets5"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5webengine-data"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5webengine5"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5webenginecore5"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qml-module-qtquick-pdf"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qt5-image-formats-plugin-pdf"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qtpdf5-doc-html"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qtpdf5-examples"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.15.19+dfsg2-1","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}},{"package":{"name":"qtwebengine-opensource-src","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/qtwebengine-opensource-src?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.19+dfsg2-1","5.15.19+dfsg2-1build1","5.15.19+dfsg2-2","5.15.19+dfsg2-3","5.15.19+dfsg2-4"],"ecosystem_specific":{"binaries":[{"binary_version":"5.15.19+dfsg2-4","binary_name":"libqt5webengine-data"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"libqt5webengine5"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"libqt5webenginecore5"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"libqt5webenginewidgets5"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"qml-module-qtwebengine"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"qtwebengine5-dev-tools"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"qtwebengine5-doc-html"},{"binary_version":"5.15.19+dfsg2-4","binary_name":"qtwebengine5-examples"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17081.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}