CVE-2017-16803 - Vulnerability Details - OpenCVE

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libav	Libav

Configuration 1 [-]

OR	cpe:2.3:a:libav:libav::::::::
	cpe:2.3:a:libav:libav:12.0:::::::*
	cpe:2.3:a:libav:libav:12.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101882
https://bugzilla.libav.org/show_bug.cgi?id=1098
https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
https://security.gentoo.org/glsa/201811-19
https://www.debian.org/security/2018/dsa-4119

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-13T17:00:00

Updated: 2024-08-05T20:35:21.014Z

Reserved: 2017-11-13T00:00:00

Link: CVE-2017-16803

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-13T17:29:00.567

Modified: 2024-11-21T03:17:00.220

Link: CVE-2017-16803

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-4119", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4119"}, {"name": "GLSA-201811-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201811-19"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"}, {"name": "101882", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101882"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16803", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4119", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4119"}, {"name": "GLSA-201811-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-19"}, {"name": "https://bugzilla.libav.org/show_bug.cgi?id=1098", "refsource": "CONFIRM", "url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"}, {"name": "101882", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101882"}, {"name": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f", "refsource": "CONFIRM", "url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:21.014Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4119", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4119"}, {"name": "GLSA-201811-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201811-19"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"}, {"name": "101882", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101882"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16803", "datePublished": "2017-11-13T17:00:00", "dateReserved": "2017-11-13T00:00:00", "dateUpdated": "2024-08-05T20:35:21.014Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "matchCriteriaId": "D64C7955-5796-4434-8FC0-4486FE1E2AB5", "versionEndIncluding": "11.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:libav:libav:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26A9134-C152-46A4-83AB-F61EF54A69B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:libav:libav:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "99846C93-A0F8-459D-AC79-A79CDE487505", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream."}, {"lang": "es", "value": "En Libav hasta la versi\u00f3n 11.11 y las versiones 12.x hasta la 12.1, la funci\u00f3n smacker_decode_tree en libavcodec/smacker.c no restringe correctamente la recursi\u00f3n de \u00e1rbol, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites de bitstream.c:build_table() y cierre inesperado de la aplicaci\u00f3n) mediante una transmisi\u00f3n Smacker manipulada."}], "id": "CVE-2017-16803", "lastModified": "2024-11-21T03:17:00.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-13T17:29:00.567", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101882"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201811-19"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201811-19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4119"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}