CVE-2017-14225 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Denial of service |
| Description | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-405 | ffmpeg2.8 | 2.8.12-1 | 2.8.13-1 | Medium | Fixed | |
| AVG-400 | ffmpeg | 1:3.3.3-2 | 1:3.3.4-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 28 Sep 2017 | ASA-201709-23 | AVG-405 | ffmpeg2.8 | Medium | denial of service |
| 15 Sep 2017 | ASA-201709-10 | AVG-400 | ffmpeg | Medium | denial of service |
| References |
|---|
https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 |