Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-14222

Опубликовано: 09 сент. 2017
Источник: ubuntu
Приоритет: low
CVSS2: 7.1
CVSS3: 6.5

Описание

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

7:3.3.4-1
cosmic

not-affected

7:3.3.4-1
devel

not-affected

7:3.3.4-1
esm-apps/bionic

not-affected

7:3.3.4-1
esm-apps/xenial

released

7:2.8.14-0ubuntu0.16.04.1
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

code not present
precise/esm

DNE

trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

needs-triage

vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

7.1 High

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-14222

CVSS3: 6.5
nvd
больше 8 лет назад

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

debian логотип

CVE-2017-14222

CVSS3: 6.5
debian
больше 8 лет назад

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...

github логотип

GHSA-h246-95j7-6pm6

CVSS3: 6.5
github
больше 3 лет назад

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

fstec логотип

BDU:2017-02298

CVSS3: 6.5
fstec
больше 8 лет назад

Уязвимость функции read_tfra() мультимедийной библиотеки FFmpeg (libavformat/mov.c), позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

openSUSE-SU-2017:2501-1

suse-cvrf
больше 8 лет назад

Security update for ffmpeg, ffmpeg2

7.1 High

CVSS2

6.5 Medium

CVSS3