Critical severity9.8NVD Advisory· Published Nov 21, 2017· Updated Jun 17, 2026
CVE-2017-16840
CVE-2017-16840
Description
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords2 versionspkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2
< 4.4-5.2+ 1 more
- (no CPE)range: < 4.4-5.2
- (no CPE)range: < 3.4.2-14.1
Patches
Vulnerability mechanics
References
4- github.com/FFmpeg/FFmpeg/commit/94e538aebbc9f9c529e8b1f2eda860cfb8c473b1nvdPatchThird Party Advisory
- www.securityfocus.com/bid/101924nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-4049nvdVendor Advisory
- git.videolan.orgnvd
News mentions
0No linked articles in our index yet.