Bug 626414 (CVE-2017-11719) - <media-video/ffmpeg-3.3.3: Denial of Service (CVE-2017-11719)
Summary: <media-video/ffmpeg-3.3.3: Denial of Service (CVE-2017-11719)
Alias: CVE-2017-11719
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: CVE-2017-11399
Reported: 2017-07-28 07:43 UTC by Aleksandr Wagner (Kivak)
Modified: 2017-10-26 00:40 UTC
Description Aleksandr Wagner (Kivak) 2017-07-28 07:43:23 UTC
CVE-2017-11719:

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. 


Commit in master branch

Commit in release/3.3 branch
Comment 1 Alexis Ballier gentoo-dev 2017-07-30 14:27:34 UTC
3.2.6 is vulnerable and probably older versions too

3.3.3 has the fix and can go stable
Comment 2 Alexis Ballier gentoo-dev 2017-08-26 15:22:30 UTC
note: 3.3.3 can go stable; but bug #626414 is not yet fixed
Comment 3 Alexis Ballier gentoo-dev 2017-08-26 15:22:52 UTC
(In reply to Alexis Ballier from comment #2)
> note: 3.3.3 can go stable; but bug #626414 is not yet fixed

bug #627220 I mean
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-10-26 00:40:29 UTC
GLSA Vote: No

Cleanup handled in bug #630460