CVE-2017-14055 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-405	ffmpeg2.8	2.8.12-1	2.8.13-1	Medium	Fixed
AVG-400	ffmpeg	1:3.3.3-2	1:3.3.4-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
28 Sep 2017	ASA-201709-23	AVG-405	ffmpeg2.8	Medium	denial of service
15 Sep 2017	ASA-201709-10	AVG-400	ffmpeg	Medium	denial of service

References
https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e