CVE-2017-14225

2017-09-09T08:29:00
ID CVE-2017-14225
Type cve
Reporter cve@mitre.org
Modified 2017-11-04T01:29:00

Description

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)