ALT-PU-2017-2226-1

BDU:2017-02085

HIGH7.1

Уязвимость функции nsv_parse_NSVf_header в компоненте nsvdec.c (libavformat/nsvdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расход вычислительных ресурсов и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

CVE-2017-14171

BDU:2017-02086

HIGH7.1

Уязвимость функции mxf_read_index_entry_array (libavformat/mxfdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расход вычислительных ресурсов и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

CVE-2017-14170

BDU:2017-02089

HIGH7.1

Уязвимость функции cine_read_header мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02090

HIGH7.1

Уязвимость функции asf_read_marker мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02091

HIGH7.1

Уязвимость функции rl2_read_header мультимедийной библиотеки Ffmpeg (libavformat/rl2.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02092

HIGH7.1

Уязвимость функции mv_read_header мультимедийной библиотеки Ffmpeg (libavformat/mvdec.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02093

HIGH7.1

Уязвимость функции ivr_read_header мультимедийной библиотеки Ffmpeg (libavformat/rmdec.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Published: 2017-09-15Modified: 2021-03-23

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02297

MEDIUM6.5

Уязвимость функции asf_build_simple_index() мультимедийной библиотеки FFmpeg (libavformat/asfdec_f.c), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-10-26Modified: 2021-03-23

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

BDU:2017-02298

MEDIUM6.5

Уязвимость функции read_tfra() мультимедийной библиотеки FFmpeg (libavformat/mov.c), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-10-26Modified: 2021-03-23

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

References

CVE-2017-14054

MEDIUM6.5

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14055

MEDIUM6.5

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14056

MEDIUM6.5

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14057

MEDIUM6.5

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14058

MEDIUM6.5

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14059

MEDIUM6.5

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Published: 2017-08-31Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14169

HIGH8.8

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

Published: 2017-09-07Modified: 2025-04-20

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2017-14170

MEDIUM6.5

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

Published: 2017-09-07Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14171

MEDIUM6.5

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

Published: 2017-09-07Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14222

MEDIUM6.5

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Published: 2017-09-09Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14223

MEDIUM6.5

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Published: 2017-09-09Modified: 2025-04-20

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2017-14225

HIGH8.8

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)

Published: 2017-09-09Modified: 2025-04-20

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2017-14767

HIGH8.8

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

Published: 2017-09-27Modified: 2025-04-20

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Package update ffmpeg in branch sisyphus

Closed issues (22)

Уязвимость функции cine_read_header мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Уязвимость функции asf_read_marker мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Уязвимость функции rl2_read_header мультимедийной библиотеки Ffmpeg (libavformat/rl2.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Уязвимость функции mv_read_header мультимедийной библиотеки Ffmpeg (libavformat/mvdec.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Уязвимость функции ivr_read_header мультимедийной библиотеки Ffmpeg (libavformat/rmdec.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании

Уязвимость функции asf_build_simple_index() мультимедийной библиотеки FFmpeg (libavformat/asfdec_f.c), позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции read_tfra() мультимедийной библиотеки FFmpeg (libavformat/mov.c), позволяющая нарушителю вызвать отказ в обслуживании

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.