
Bug 632134 (CVE-2017-14767)

Summary: <media-video/ffmpeg-3.3.4: mishandled empty sprop-parameter-sets values cause denial of service
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 630460    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-09-27 11:34:18 UTC
CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. 

Comment 1 Aleksandr Wagner (Kivak) 2017-09-27 11:35:40 UTC
Stabilization will occur on bug 630460.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-10-26 00:45:45 UTC
GLSA Vote: No

Cleanup handled in bug #630460