製品・ソフトウェアに関する情報

JVN脆弱性詳細

FFmpeg における NULL ポインタデリファレンスに関する脆弱性

Title	FFmpeg における NULL ポインタデリファレンスに関する脆弱性
Summary	FFmpeg には、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 14, 2017, midnight
Registration Date	Feb. 2, 2018, 11:46 a.m.
Last Update	Feb. 2, 2018, 11:46 a.m.

Affected System

FFmpeg

FFmpeg 3.2.6 未満

FFmpeg 3.3.3 未満の 3.3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-9608	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9608
National Vulnerability Database (NVD)
2	CVE-2017-9608	https://nvd.nist.gov/vuln/detail/CVE-2017-9608

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
GitHub
1	avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error (0a709e2)	https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
2	avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error (31c1c0b)	https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e
3	avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error (611b356)	https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd

Change Log

No	Changed Details	Date of change
0	[2018年02月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-9608

Summary	The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
Publication Date	Dec. 28, 2017, 4:29 a.m.
Registration Date	Jan. 26, 2021, 1:31 p.m.
Last Update	Nov. 21, 2024, 12:36 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2017/08/14/1	Mailing List
2	http://www.openwall.com/lists/oss-security/2017/08/14/1	Mailing List
3	http://www.openwall.com/lists/oss-security/2017/08/15/8	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2017/08/15/8	Mailing List Third Party Advisory
5	http://www.securityfocus.com/bid/100348	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/100348	Third Party Advisory VDB Entry
7	https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89	Patch
8	https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89	Patch
9	https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e	Patch
10	https://github.com/FFmpeg/FFmpeg/commit/31c1c0b46a7021802c3d1d18039fca30dba5a14e	Patch
11	https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd	Patch
12	https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd	Patch
13	https://www.debian.org/security/2017/dsa-3957	Third Party Advisory
14	https://www.debian.org/security/2017/dsa-3957	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html