From ${URL}: CVE-2017-14054:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14054) In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. CVE-2017-14055:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14055) In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVE-2017-14056:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14056) In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVE-2017-14057:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14057) In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVE-2017-14058:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14058) In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). CVE-2017-14059:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14059) In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Upstream Patch: CVE-2017-14054 https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49 Upstream Patch: CVE-2017-14055 https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e Upstream Patch: CVE-2017-14056 https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de Upstream Patch: CVE-2017-14057 https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329 Upstream Patch: CVE-2017-14058 https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a Upstream Patch: CVE-2017-14059 https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
@maintainer(s), after bump, please follow procedure to stabilize if needed. Daj'Uan (jmbailey) Gentoo Security Padawan
from http://ffmpeg.org/security.html : 3.3.4 Fixes following vulnerabilities: CVE-2017-14054, 6bd562e04440c48eb79e24c36800791bbb1ba0b6 / 124eb202e70678539544f6268efc98131f19fa49 CVE-2017-14055, e910f15fcbb709c4c7208737a6cc39185b41543b / 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e CVE-2017-14059, 4ff1fcd3caa2e59c3d4cec8e4c64c9ac79b09a1d / 7e80b63ecd259d69d383623e75b318bf2bd491f6 CVE-2017-14058, 305f37e5be009c66e0af3064855c8509aafba719 / 7ec414892ddcad88313848494b6fc5f437c9ca4a CVE-2017-14057, 6447815dfbbe5036c7fa29d285b59896d76f4f9d / 7f9ec5593e04827249e7aeb466da06a98a0d7329 CVE-2017-14225, 5474a7e93b8ea0be1157ac9cf93c1511eccae7b0 / 837cb4325b712ff1aab531bf41668933f61d75d2 CVE-2017-14170, c01f799314c3254a98c415ccf99acd501bdbd9f2 / 900f39692ca0337a98a7cf047e4e2611071810c2 CVE-2017-14056, 8cb0f2c4e55d1d8ba9dbc80dd19ad139d0200c2d / 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de CVE-2017-14222, d9cf9f5af82228b588828ae2692acccec588fdac / 9cb4eb772839c5e1de2855d126bf74ff16d13382 CVE-2017-14169, 9d3a7c82a669a1a1c8e3904c65ded19e80d16edc / 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad CVE-2017-14223, b61e5a878c845b8bee1267fdb75c293feb00ae0d / afc9c683ed9db01edb357bc8c19edad4282b3a97 CVE-2017-14171, e6a8d110d7e8e938913a0a85ca933b415f8ed24d / c24bcb553650b91e9eff15ef6e54ca73de2453b7 So I guess they're all there
GLSA Vote: No Cleanup handled in bug #630460
