CVE-2017-14225

Source
Severity Low
Remote No
Type Denial of service
Description
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference.
Group Package Affected Fixed Severity Status Ticket
AVG-405 ffmpeg2.8 2.8.12-1 2.8.13-1 Medium Fixed
AVG-400 ffmpeg 1:3.3.3-2 1:3.3.4-1 Medium Fixed
Date Advisory Group Package Severity Description
28 Sep 2017 ASA-201709-23 AVG-405 ffmpeg2.8 Medium denial of service
15 Sep 2017 ASA-201709-10 AVG-400 ffmpeg Medium denial of service
References
https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2