{"id":"CVE-2017-7865","details":"FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.","modified":"2026-04-11T04:59:28.669610Z","published":"2017-04-14T04:59:00.587Z","related":["openSUSE-SU-2017:1532-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97685"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"fb93771072cfcbdd523d9f4bcd7682ee8b7f5578"},{"introduced":"0"},{"last_affected":"140fd653aed8cad774f991ba083e2d01e86420c7"},{"fixed":"2080bc33717955a0e4268e738acf8c1eeddbf8cb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.9"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8","n2.8-dev","n2.8.1","n2.8.2","n2.8.3","n2.8.4","n2.8.5","n2.8.6","n2.8.7","n2.8.8","n2.8.9","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.1-dev","n4.2-dev","n4.3-dev","n4.4-dev","n4.5-dev","n5.1-dev","n5.2-dev","n6.1-dev","n6.2-dev","n7.1-dev","n7.2-dev","n8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7865.json","vanir_signatures":[{"target":{"file":"libavcodec/utils.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-7865-c4e4177a","digest":{"threshold":0.9,"line_hashes":["238136149003659562909550650572816915967","91139429161327622737678191892083395551","182286896989202306312070841058990982703","334861760217788730448989081325727353725","221058239712128894620428724415975829159","289637531222816986114246482333230556530","301501424741688201775197560465811497054","35702785034631936522002868855711845868"]}},{"target":{"function":"avcodec_align_dimensions2","file":"libavcodec/utils.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-7865-c6276443","digest":{"length":3991,"function_hash":"47861061437073766454913776647319345382"}}],"vanir_signatures_modified":"2026-04-11T04:59:28Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}