CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14171
https://notcve.org/view.php?id=CVE-2017-14171
07 Sep 2017 — In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. En libavformat/nsvdec.c en FFmpeg versión 2.4 y 3.3.3, una denegación de servicio en nsv_parse... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14054
https://notcve.org/view.php?id=CVE-2017-14054
31 Aug 2017 — In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. En libavformat/rmdec.c en FFmpeg 3.3.3, se podría realizar un ataque de denegación de servicio en ivr_read_header() al no haber un chequ... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14055
https://notcve.org/view.php?id=CVE-2017-14055
31 Aug 2017 — In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. En libavformat/mvdec.c in FFmpeg 3.3.3, se podría realizar un ataque de denegación de servicio en mv_read_he... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14056
https://notcve.org/view.php?id=CVE-2017-14056
31 Aug 2017 — In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. En libavformat/rl2.c in FFmpeg 3.3.3, se podría realizar un ataque de denegación de servi... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14057
https://notcve.org/view.php?id=CVE-2017-14057
31 Aug 2017 — In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. En FFmpeg 3.3.3, se podría realizar un ataque de denegación de servicio en asf_read_marker() al no haber ... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14058
https://notcve.org/view.php?id=CVE-2017-14058
31 Aug 2017 — In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). En FFmpeg versiones 2.4 y 3.3.3, la función read_data en libavformat/hls.c no restringe los intentos de recarga de una lista insuficiente, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) • http://www.debian.org/security/2017/dsa-3996 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14059
https://notcve.org/view.php?id=CVE-2017-14059
31 Aug 2017 — In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. En FFmpeg 3.3.3, se podría realizar un ataque de denegación de servicio en cine_read_header() al no haber un chequeo EOF (End Of File) qu... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •