CVE-2017-14056 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-405	ffmpeg2.8	2.8.12-1	2.8.13-1	Medium	Fixed
AVG-400	ffmpeg	1:3.3.3-2	1:3.3.4-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
28 Sep 2017	ASA-201709-23	AVG-405	ffmpeg2.8	Medium	denial of service
15 Sep 2017	ASA-201709-10	AVG-400	ffmpeg	Medium	denial of service

References
https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de