Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-14223

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Related bugs and status

CVE-2017-14223 (Candidate) is related to these bugs:

Bug #1697785: Update to 2.8.14 in Xenial

Summary				In	Importance	Status
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu)	Undecided	Invalid
	1697785	Update to 2.8.14 in Xenial		ffmpeg (Ubuntu Xenial)	Undecided	Fix Released

Bug #1721249: ffmpeg artful update to 3.3.4

Summary				In	Importance	Status
	1721249	ffmpeg artful update to 3.3.4		ffmpeg (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/FFm...
BID: 100703
DEBIAN: DSA-3996
MLIST: [debian-lts-announce] ...