Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14169

Опубликовано: 07 сент. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00237
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2017-14169

CVSS3: 8.8
ubuntu
почти 8 лет назад

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

debian логотип

CVE-2017-14169

CVSS3: 8.8
debian
почти 8 лет назад

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...

github логотип

GHSA-299h-fjc8-vhf6

CVSS3: 8.8
github
больше 3 лет назад

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

suse-cvrf логотип

openSUSE-SU-2017:2501-1

suse-cvrf
почти 8 лет назад

Security update for ffmpeg, ffmpeg2

suse-cvrf логотип

openSUSE-SU-2017:2502-1

suse-cvrf
почти 8 лет назад

Security update for ffmpeg, ffmpeg2

EPSS

Процентиль: 47%
0.00237
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20