SB2017092817 - Arch Linux update for ffmpeg2.8




Published: September 28, 2017 Updated: September 28, 2017

Security Bulletin ID SB2017092817
CSH Severity High
Patch available YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 22% Medium 78%

Description

This security bulletin contains information about 9 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2017-14055)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.


2) Input validation error (CVE-ID: CVE-2017-14056)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.


3) Input validation error (CVE-ID: CVE-2017-14057)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.


4) Infinite loop (CVE-ID: CVE-2017-14058)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).


5) Input validation error (CVE-ID: CVE-2017-14059)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.


6) Input validation error (CVE-ID: CVE-2017-14169)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
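The signedness error described above, shown as an added example that is not FFmpeg's code: a 32-bit count stored in a signed int slips under an upper-bound check, while an unsigned comparison plus a remaining-bytes check rejects it. MAX_ITEMS, ENTRY_SIZE and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ITEMS  65536u  /* assumed upper bound on the item count */
#define ENTRY_SIZE 18u     /* assumed size in bytes of one table entry */

/* Unsafe pattern: the count lands in a signed int. On common compilers
 * 0xffffffff converts to -1, which is not "> MAX_ITEMS", so the check passes
 * and the later size computation wraps to an enormous value. */
size_t bytes_wanted_signed(uint32_t raw)
{
    int item_num = (int)raw;
    if (item_num > (int)MAX_ITEMS)
        return 0;                           /* rejected */
    return (size_t)item_num * ENTRY_SIZE;   /* -1 becomes SIZE_MAX here */
}

/* Hardened pattern: keep the count unsigned, bound it, and require that the
 * bytes it implies are actually present. Returns the byte count or -1. */
long bytes_wanted_checked(uint32_t raw, size_t bytes_left)
{
    if (raw > MAX_ITEMS)
        return -1;
    size_t need = (size_t)raw * ENTRY_SIZE; /* no overflow: raw <= 65536 */
    if (need > bytes_left)
        return -1;
    return (long)need;
}

int main(void)
{
    /* Constructed inputs: a hostile count and a plausible one. */
    printf("signed path, 0xffffffff: %zu bytes wanted\n",
           bytes_wanted_signed(0xffffffffu));
    printf("checked path, 0xffffffff: %ld\n",
           bytes_wanted_checked(0xffffffffu, 1024));
    printf("checked path, 4 items: %ld\n",
           bytes_wanted_checked(4, 1024));
    return 0;
}
```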


7) Input validation error (CVE-ID: CVE-2017-14170)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.


8) Input validation error (CVE-ID: CVE-2017-14171)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.
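Items 1, 2, 3, 5, 7 and 8 share one pattern: a loop driven by a count taken from the header, with no EOF check inside it. The added example below is not FFmpeg's code; it uses a hypothetical bounded reader and a constructed sample to contrast the unchecked loop with one that stops when the data runs out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounded reader standing in for a demuxer's I/O context. */
typedef struct { const uint8_t *buf; size_t len, pos; int eof; } Reader;

/* Reads a little-endian u32; past the end it returns 0 and sets eof. */
static uint32_t rd_le32(Reader *r) {
    if (r->len - r->pos < 4) { r->pos = r->len; r->eof = 1; return 0; }
    const uint8_t *p = r->buf + r->pos;
    r->pos += 4;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unsafe: trusts the claimed count, so it spins long after the data ended. */
static uint32_t parse_unchecked(Reader *r) {
    uint32_t count = rd_le32(r), iters = 0;
    for (uint32_t i = 0; i < count; i++) {
        (void)rd_le32(r);          /* per-entry work would happen here */
        iters++;
    }
    return iters;
}

/* Hardened: fails as soon as the claimed count outruns the real data. */
static int parse_checked(Reader *r, uint32_t *iters) {
    uint32_t count = rd_le32(r);
    *iters = 0;
    if (r->eof) return -1;
    for (uint32_t i = 0; i < count; i++) {
        (void)rd_le32(r);
        if (r->eof) return -1;     /* truncated input: stop and report */
        (*iters)++;
    }
    return 0;
}

/* Constructed sample: header claims 1,000,000 entries, only 2 follow. */
static const uint8_t SAMPLE[] = {0x40,0x42,0x0F,0x00, 1,0,0,0, 2,0,0,0};

uint32_t unchecked_iters(void) { Reader r = {SAMPLE, sizeof SAMPLE, 0, 0}; return parse_unchecked(&r); }
uint32_t checked_iters(void) { Reader r = {SAMPLE, sizeof SAMPLE, 0, 0}; uint32_t n; parse_checked(&r, &n); return n; }
int checked_status(void) { Reader r = {SAMPLE, sizeof SAMPLE, 0, 0}; uint32_t n; return parse_checked(&r, &n); }

int main(void) {
    printf("unchecked: %u iterations\n", (unsigned)unchecked_iters());
    printf("checked: status %d after %u iterations\n", checked_status(), (unsigned)checked_iters());
    return 0;
}
```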


9) NULL pointer dereference (CVE-ID: CVE-2017-14225)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) A remote attacker can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.