Описание
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 7:3.3.4-1 |
| devel | not-affected | 7:3.3.4-1 |
| esm-apps/bionic | not-affected | 7:3.3.4-1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
7.1 High
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
Уязвимость функции ivr_read_header мультимедийной библиотеки Ffmpeg (libavformat/rmdec.c), позволяющая нарушителю вызвать расходование памяти и отказ в обслуживании
EPSS
7.1 High
CVSS2
6.5 Medium
CVSS3