ffmpeg

Description: Complete solution to record, convert and stream audio and video
Version: 1:4.0.2-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-516 | 1:3.4-5 | 1:3.4.1-1 | Medium | Fixed | |
| AVG-400 | 1:3.3.3-2 | 1:3.3.4-1 | Medium | Fixed | |
| AVG-172 | 1:3.2.3-1 | 1:3.2.4-1 | Critical | Fixed | |
| AVG-41 | 1:3.1.3-3 | | Low | Not affected | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-5025 | AVG-172 | Critical | Yes | Arbitrary code execution | A heap overflow flaw was found in FFmpeg < 3.2.4. |
| CVE-2017-5024 | AVG-172 | Critical | Yes | Arbitrary code execution | A heap overflow flaw was found in FFmpeg < 3.2.4. |
| CVE-2017-16840 | AVG-516 | Medium | Yes | Denial of service | The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer... |
| CVE-2017-14225 | AVG-400 | Low | No | Denial of service | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers... |
| CVE-2017-14223 | AVG-400 | Low | No | Denial of service | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
| CVE-2017-14222 | AVG-400 | Low | No | Denial of service | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a... |
| CVE-2017-14171 | AVG-400 | Low | No | Denial of service | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
| CVE-2017-14170 | AVG-400 | Low | No | Denial of service | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
| CVE-2017-14169 | AVG-400 | Low | No | Denial of service | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a... |
| CVE-2017-14059 | AVG-400 | Low | No | Denial of service | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims... |
| CVE-2017-14058 | AVG-400 | Medium | Yes | Denial of service | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to... |
| CVE-2017-14057 | AVG-400 | Low | No | Denial of service | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file,... |
| CVE-2017-14056 | AVG-400 | Low | No | Denial of service | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When... |
| CVE-2017-14055 | AVG-400 | Low | No | Denial of service | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.... |
| CVE-2017-14054 | AVG-400 | Low | No | Denial of service | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
| CVE-2016-7554 | AVG-41 | Low | No | Arbitrary code execution | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 15 Sep 2017 | ASA-201709-10 | AVG-400 | Medium | denial of service |
| 12 Feb 2017 | ASA-201702-10 | AVG-172 | Critical | arbitrary code execution |