CVE-2017-11399

HIGH7.8EPSS 0.14%

ffmpeg - security update

Published: 7/17/2017Modified: 4/28/2026

Description

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.

Affected packages (3)

Alpine/ffmpegfrom 0, < 3.1.10-r0
Debian/ffmpegfrom 0, < 7:3.3.3-1
Debian/ffmpegfrom 0, < 7:3.2.7-1~deb9u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2017-11399
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-11399