cve/2017/CVE-2017-9608.md

CVE-2017-9608

Description

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

POC

Reference

• http://www.openwall.com/lists/oss-security/2017/08/14/1
• http://www.openwall.com/lists/oss-security/2017/08/15/8

Github

• https://github.com/LaCinquette/practice-22-23
• https://github.com/andir/nixos-issue-db-example