CVE-2017-14169 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Denial of service |
| Description | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-405 | ffmpeg2.8 | 2.8.12-1 | 2.8.13-1 | Medium | Fixed | |
| AVG-400 | ffmpeg | 1:3.3.3-2 | 1:3.3.4-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 28 Sep 2017 | ASA-201709-23 | AVG-405 | ffmpeg2.8 | Medium | denial of service |
| 15 Sep 2017 | ASA-201709-10 | AVG-400 | ffmpeg | Medium | denial of service |
| References |
|---|
https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad |