CVE-2017-14222 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-406	ffmpeg2.8	2.8.13-3		Low	Unknown
AVG-400	ffmpeg	1:3.3.3-2	1:3.3.4-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Sep 2017	ASA-201709-10	AVG-400	ffmpeg	Medium	denial of service

References
https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382