EUVD-2017-5571

Malware in sbrugna...

Arbitrary Code Execution

ffmpeg is vulnerable to arbitrary code execution. The vulnerability exists as the avcolorprimariesname function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodecstring...

CVE-2017-14225

The avcolorprimariesname function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodecstring function in libavcodec/utils.c, leading to a NULL pointer dereference. It is also...

CVE-2017-14222

CVE-2017-14222 affects FFmpeg 3.3.3’s libavformat/mov.c, where read_tfra() lacks an EOF check. A crafted MOV file that claims a large item_count but lacks backing data can trigger a loop that consumes excessive CPU and memory, potentially crashing the app. The issue is caused by missing bounds/EO...

CVE-2017-14170

In libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, a DoS in mxfreadindexentryarray due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nbindexentries" field in the header but does not contain sufficient backing data, is provided, th...

CVE-2017-14170

In libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, a DoS in mxfreadindexentryarray due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nbindexentries" field in the header but does not contain sufficient backing data, is provided, th...

Integer overflow

In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...

CVE-2017-14169

CVE-2017-14169 affects FFmpeg/libavformat: specifically the mxf_read_primer_pack function in libavformat/mxfdec.c. The description documents an integer signedness error when a crafted MXF file provides a large item_num (e.g., 0xffffffff), causing item_num to become negative and bypassing the chec...

CVE-2017-14055

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mvreadheader due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nbframes" field in the header but does not contain sufficient backing data, is provided, the loop over t...

UBUNTU-CVE-2017-14057

In FFmpeg 3.3.3, a DoS in asfreadmarker due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "namelen" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name an...

Design/Logic Flaw

In FFmpeg 3.3.3, a DoS in asfreadmarker due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "namelen" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name an...

CVE-2017-14056

CVE-2017-14056 affects FFmpeg 3.3.3 in libavformat/rl2.c: rl2_read_header() lacks an End-of-File check for crafted RL2 files claiming a large frame_count, leading to loops that can exhaust CPU and memory. Impact: potential remote DoS via heavy resource consumption when parsing malicious RL2 strea...