Bug 630436 (CVE-2017-14222, CVE-2017-14223) - <media-video/ffmpeg-3.3.4: lack of an EOF check might cause huge CPU consumption
Summary: <media-video/ffmpeg-3.3.4: lack of an EOF check might cause huge CPU consumption
Status: RESOLVED FIXED
Alias: CVE-2017-14222, CVE-2017-14223
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2017-09-09 02:47 UTC by Aleksandr Wagner (Kivak)
Modified: 2017-10-26 00:44 UTC
Description Aleksandr Wagner (Kivak) 2017-09-09 02:47:50 UTC
CVE-2017-14222 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222):

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 

References:

https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382

CVE-2017-14223 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223):

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 

References:

https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
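
Added example, not part of the original report and not FFmpeg's code: a simplified model of the pattern both CVEs describe, where a loop bound comes from a header field and the reader returns 0 at end of data. The toy "count plus 8-byte entries" format, the `Reader` type and all function names are assumptions made for illustration; it models only the CPU side of the issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical minimal reader: like many demuxer I/O layers, a read past the
   end of the data returns 0 instead of failing. */
typedef struct { const uint8_t *buf; size_t len, pos; } Reader;

static uint32_t rd_be32(Reader *r) {
    if (r->len - r->pos < 4) { r->pos = r->len; return 0; }
    const uint8_t *p = r->buf + r->pos;
    r->pos += 4;
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parses "count, then count 8-byte entries". Returns the iterations run;
   *ok is cleared when check_eof is set and the table turns out truncated. */
static uint32_t parse_index(Reader *r, int check_eof, int *ok) {
    uint32_t item_count = rd_be32(r);   /* untrusted claim from the file */
    uint32_t i;
    *ok = 1;
    for (i = 0; i < item_count; i++) {
        if (check_eof && r->len - r->pos < 8) { *ok = 0; break; }
        uint32_t time = rd_be32(r), offset = rd_be32(r);
        (void)time; (void)offset;       /* a real parser would store these */
    }
    return i;
}

/* Constructed sample: claims 1,000,000 entries (0x000F4240), holds only 2. */
static const uint8_t SAMPLE[] = {
    0x00, 0x0F, 0x42, 0x40,
    0, 0, 0, 1,  0, 0, 0, 0x10,
    0, 0, 0, 2,  0, 0, 0, 0x20,
};

uint32_t iterations_on_sample(int check_eof) {
    Reader r = { SAMPLE, sizeof SAMPLE, 0 };
    int ok;
    return parse_index(&r, check_eof, &ok);
}

int sample_accepted(int check_eof) {
    Reader r = { SAMPLE, sizeof SAMPLE, 0 };
    int ok;
    parse_index(&r, check_eof, &ok);
    return ok;
}

int main(void) {
    printf("unchecked: %u iterations\n", (unsigned)iterations_on_sample(0));
    printf("checked:   %u iterations, accepted=%d\n",
           (unsigned)iterations_on_sample(1), sample_accepted(1));
    return 0;
}
```

Without the check, the work done scales with the claimed count rather than with the bytes actually present; with it, the loop stops at the first missing entry and the caller can reject the file.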
Comment 1 Alexis Ballier gentoo-dev 2017-09-19 21:57:31 UTC
the relevant commit is applied to 3.3.4 that can go stable
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-10-25 00:23:19 UTC
stabilization is occurring in bug #630460
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2017-10-26 00:44:27 UTC
GLSA Vote: No

Cleanup handled in bug #630460