Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-14222

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Related bugs and status

CVE-2017-14222 (Candidate) is related to these bugs:

Bug #1697785: Update to 2.8.14 in Xenial

Summary				In	Importance	Status
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu)	Undecided	Invalid
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu Xenial)	Undecided	Fix Released

Bug #1721249: ffmpeg artful update to 3.3.4

Summary				In	Importance	Status
	1721249	ffmpeg artful update to 3.3.4		ffmpeg (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/FFm...
BID: 100701
DEBIAN: DSA-3996