Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2017-1000460
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-03 Jan, 2018 | 20:29
Updated At-31 Mar, 2019 | 02:29

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
libav
libav
>>libav>>13_dev0
cpe:2.3:a:libav:libav:13_dev0:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>3.4
cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>Versions up to 56.0.2924(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.libav.org/show_bug.cgi?id=952cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70ccve@mitre.org
Issue Tracking
Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00041.htmlcve@mitre.org
N/A
https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.htmlcve@mitre.org
Issue Tracking
Patch
Change History
0Changes found
Details not found