Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-14171

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

Related bugs and status

CVE-2017-14171 (Candidate) is related to these bugs:

Bug #1697785: Update to 2.8.14 in Xenial

Summary				In	Importance	Status
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu)	Undecided	Invalid
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu Xenial)	Undecided	Fix Released

Bug #1721249: ffmpeg artful update to 3.3.4

Summary				In	Importance	Status
	1721249	ffmpeg artful update to 3.3.4		ffmpeg (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/FFm...
BID: 100706
DEBIAN: DSA-3996
MLIST: [debian-lts-announce] ...