AVG-405

Package ffmpeg2.8
Status Fixed
Severity Medium
Type denial of service
Affected 2.8.12-1
Fixed 2.8.13-1
Current Removed
Ticket None
Created Mon Sep 18 14:34:42 2017
Issue Severity Remote Type Description
CVE-2017-14225 Low No Denial of service
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers...
CVE-2017-14171 Low No Denial of service
In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a...
CVE-2017-14170 Low No Denial of service
In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption....
CVE-2017-14169 Low No Denial of service
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a...
CVE-2017-14059 Low No Denial of service
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims...
CVE-2017-14058 Medium Yes Denial of service
In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to...
CVE-2017-14057 Low No Denial of service
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file,...
CVE-2017-14056 Low No Denial of service
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When...
CVE-2017-14055 Low No Denial of service
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption....
Date Advisory Package Description
28 Sep 2017 ASA-201709-23 ffmpeg2.8 denial of service