vulnerability
SUSE: CVE-2017-14222: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Sep 8, 2017 | Sep 16, 2017 | Feb 4, 2022 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Sep 8, 2017
Added
Sep 16, 2017
Modified
Feb 4, 2022
Description
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Solution(s)
suse-upgrade-ffmpegsuse-upgrade-libavcodec-develsuse-upgrade-libavcodec57suse-upgrade-libavdevice57suse-upgrade-libavfilter6suse-upgrade-libavformat-develsuse-upgrade-libavformat57suse-upgrade-libavresample-develsuse-upgrade-libavresample3suse-upgrade-libavutil-develsuse-upgrade-libavutil55suse-upgrade-libpostproc-develsuse-upgrade-libpostproc54suse-upgrade-libswresample-develsuse-upgrade-libswresample2suse-upgrade-libswscale-develsuse-upgrade-libswscale4
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.