CVE-2017-14170 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-405	ffmpeg2.8	2.8.12-1	2.8.13-1	Medium	Fixed
AVG-400	ffmpeg	1:3.3.3-2	1:3.3.4-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
28 Sep 2017	ASA-201709-23	AVG-405	ffmpeg2.8	Medium	denial of service
15 Sep 2017	ASA-201709-10	AVG-400	ffmpeg	Medium	denial of service

References
https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2