367 matches found
Heap overflow
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
CVE-2017-14767
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
CVE-2017-14767
FFmpeg vulnerability CVE-2017-14767 affects libavformat/rtpdec_h264.c: the sdp_parse_fmtp_config_h264 function mishandles empty sprop-parameter-sets values in sdp files, allowing remote attackers to trigger a denial of service via a heap buffer overflow. Affected: FFmpeg prior to 3.3.4. Impact: p...
Denial Of Service (DoS) Through CPU Consumption
FFmpeg is vulnerable to denial of service DoS attacks. The library lacks an end of fIle check, allowing a malicious user to pass a MOV file to the readtfra function in libavformat/mov.c to cause a loop that would consume large amounts of CPU and memory...
CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in readtfra due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "itemcount" field in the header but does not contain sufficient backing data, is provided, the loop would...
CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in readtfra due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "itemcount" field in the header but does not contain sufficient backing data, is provided, the loop would...
CVE-2017-14223
In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
Design/Logic Flaw
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in readtfra due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "itemcount" field in the header but does not contain sufficient backing data, is provided, the loop would...
CVE-2017-14223
Technical details about CVE-2017-14223 are not provided in the connected documents. The initial description outlines a DoS in FFmpeg’s asfdec_f.c but no vendor/product/version specifics are given here. Monitor for updates.
CVE-2017-14223
In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in readtfra due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "itemcount" field in the header but does not contain sufficient backing data, is provided, the loop would...
CVE-2017-14223
In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
CVE-2017-14223
In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in readtfra due to lack of an EOF End of File check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "itemcount" field in the header but does not contain sufficient backing data, is provided, the loop would...
CVE-2017-14222
CVE-2017-14222 affects FFmpeg 3.3.3’s libavformat/mov.c, where read_tfra() lacks an EOF check. A crafted MOV file that claims a large item_count but lacks backing data can trigger a loop that consumes excessive CPU and memory, potentially crashing the app. The issue is caused by missing bounds/EO...
FFmpeg libavformat/mxfdec.c File Denial of Service Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the libavformat/mxfdec.c file in FFmpeg version 3.3.3, which is caused by the program not adequately detecting EOF End of File. A remote attacker can...
CVE-2017-14169
In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...
CVE-2017-14171
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsvparseNSVfheader due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted NSV file, which claims a large "tableentriesused" field in the header but does not contain sufficient backing data, is provided, th...
Integer overflow
In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...
CVE-2017-14170
CVE-2017-14170 is a denial-of-service in FFmpeg’s mxf_read_index_entry_array() (libavformat/mxfdec.c) caused by a missing EOF check when a crafted MXF header claims a large nb_index_entries. The issue leads to huge CPU usage and can be triggered by multiple segments in a file. Public advisories (...