{"id":"CVE-2017-7863","details":"FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.","modified":"2026-04-11T04:59:30.470410Z","published":"2017-04-14T04:59:00.507Z","related":["openSUSE-SU-2017:1532-1","openSUSE-SU-2024:10754-1"],"references":[{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97675"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"16c0d8aa46b6a206d14f1d1010b7487809d54e5f"},{"introduced":"0"},{"last_affected":"140fd653aed8cad774f991ba083e2d01e86420c7"},{"fixed":"e477f09d0b3619f3d29173b2cd593e17e2d1978e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.10"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8","n2.8-dev","n2.8.1","n2.8.10","n2.8.2","n2.8.3","n2.8.4","n2.8.5","n2.8.6","n2.8.7","n2.8.8","n2.8.9","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.1-dev","n4.2-dev","n4.3-dev","n4.4-dev","n4.5-dev","n5.1-dev","n5.2-dev","n6.1-dev","n6.2-dev","n7.1-dev","n7.2-dev","n8.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:59:30Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7863.json","vanir_signatures":[{"id":"CVE-2017-7863-0d294038","source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e","digest":{"threshold":0.9,"line_hashes":["282977772222839905854240064943096062902","278148970362855129459247544722225696339","298380413604141503923794206437050241987","143259991541676878253750557310545517575","86856997118619733223480574003708215738","87341394385815980187858661066954617682","104447325692181378297223751637690104946","310201155084108673074383458679907859396","267580968104183235900814774202952633795","160113816113473237607329907433764805782"]},"deprecated":false,"signature_version":"v1","target":{"file":"libavcodec/pngdec.c"},"signature_type":"Line"},{"id":"CVE-2017-7863-86a15797","source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e","digest":{"function_hash":"185143868364516893484784678909185451635","length":1028},"deprecated":false,"signature_version":"v1","target":{"function":"decode_trns_chunk","file":"libavcodec/pngdec.c"},"signature_type":"Function"},{"id":"CVE-2017-7863-ec0be270","source":"https://github.com/ffmpeg/ffmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e","digest":{"function_hash":"88211801093252918589128175885575646148","length":5444},"deprecated":false,"signature_version":"v1","target":{"function":"decode_frame_common","file":"libavcodec/pngdec.c"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}