High severity8.8NVD Advisory· Published Nov 6, 2017· Updated Jun 17, 2026
CVE-2017-15672
CVE-2017-15672
Description
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords2 versionspkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2
< 4.4-5.2+ 1 more
- (no CPE)range: < 4.4-5.2
- (no CPE)range: < 3.4.2-14.1
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2017/11/03/4nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/101690nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2019/01/msg00006.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2017/dsa-4049nvdThird Party Advisory
- git.videolan.orgnvd
- github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708nvd
News mentions
0No linked articles in our index yet.