Main Vulnerability Database Vulnerabilities #VU110559

NULL pointer dereference in FFmpeg - CVE-2017-17555

Published: August 13, 2018 / Updated: June 8, 2025

Vulnerability identifier: #VU110559

CSH Severity: Medium

CVSS v4.0:

CVE-ID: CVE-2017-17555

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ffmpeg.sourceforge.net

Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted audio file.

How to mitigate CVE-2017-17555

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md

NULL pointer dereference in FFmpeg - CVE-2017-17555

Detailed vulnerability description

How to mitigate CVE-2017-17555

Sources

Please verify you're human