VulnerableCode Package Details - pkg:alpm/archlinux/ffmpeg@1:3.3.4-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7dn2-r1a7-aaae	In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.	CVE-2017-14170
VCID-8u2m-qhwh-aaaf	In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.	CVE-2017-14169
VCID-bzw7-6zte-aaap	In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.	CVE-2017-14057
VCID-dz27-wtfq-aaas	In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.	CVE-2017-14223
VCID-g8n8-s1a4-aaaf	In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.	CVE-2017-14222
VCID-gj7w-e6y9-aaap	In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).	CVE-2017-14058
VCID-m98q-kzrc-aaac	In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.	CVE-2017-14056
VCID-nc25-w5ga-aaah	In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.	CVE-2017-14059
VCID-sa36-epvb-aaam	In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.	CVE-2017-14054
VCID-trtj-axhb-aaak	In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.	CVE-2017-14171
VCID-uy5s-m45w-aaah	In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.	CVE-2017-14055
VCID-xabt-8jr6-aaag	The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)	CVE-2017-14225

Vulnerability

Summary

Aliases

VCID-7dn2-r1a7-aaae

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

CVE-2017-14170

VCID-8u2m-qhwh-aaaf

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

CVE-2017-14169

VCID-bzw7-6zte-aaap

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

CVE-2017-14057

VCID-dz27-wtfq-aaas

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVE-2017-14223

VCID-g8n8-s1a4-aaaf

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVE-2017-14222

VCID-gj7w-e6y9-aaap

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

CVE-2017-14058

VCID-m98q-kzrc-aaac

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

CVE-2017-14056

VCID-nc25-w5ga-aaah

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVE-2017-14059

VCID-sa36-epvb-aaam

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

CVE-2017-14054

VCID-trtj-axhb-aaak

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

CVE-2017-14171

VCID-uy5s-m45w-aaah

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVE-2017-14055

VCID-xabt-8jr6-aaag

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)

CVE-2017-14225

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:57.791999+00:00	Arch Linux Importer	Fixing	VCID-sa36-epvb-aaam	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.757930+00:00	Arch Linux Importer	Fixing	VCID-uy5s-m45w-aaah	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.724236+00:00	Arch Linux Importer	Fixing	VCID-m98q-kzrc-aaac	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.691958+00:00	Arch Linux Importer	Fixing	VCID-bzw7-6zte-aaap	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.657928+00:00	Arch Linux Importer	Fixing	VCID-gj7w-e6y9-aaap	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.624378+00:00	Arch Linux Importer	Fixing	VCID-nc25-w5ga-aaah	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.591500+00:00	Arch Linux Importer	Fixing	VCID-8u2m-qhwh-aaaf	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.560275+00:00	Arch Linux Importer	Fixing	VCID-7dn2-r1a7-aaae	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.530304+00:00	Arch Linux Importer	Fixing	VCID-trtj-axhb-aaak	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.496009+00:00	Arch Linux Importer	Fixing	VCID-g8n8-s1a4-aaaf	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.475276+00:00	Arch Linux Importer	Fixing	VCID-dz27-wtfq-aaas	https://security.archlinux.org/AVG-400	36.0.0
2025-03-28T07:46:57.454967+00:00	Arch Linux Importer	Fixing	VCID-xabt-8jr6-aaag	https://security.archlinux.org/AVG-400	36.0.0
2024-09-18T02:02:19.203416+00:00	Arch Linux Importer	Fixing	VCID-sa36-epvb-aaam	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.178781+00:00	Arch Linux Importer	Fixing	VCID-uy5s-m45w-aaah	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.150966+00:00	Arch Linux Importer	Fixing	VCID-m98q-kzrc-aaac	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.123364+00:00	Arch Linux Importer	Fixing	VCID-bzw7-6zte-aaap	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.094354+00:00	Arch Linux Importer	Fixing	VCID-gj7w-e6y9-aaap	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.068097+00:00	Arch Linux Importer	Fixing	VCID-nc25-w5ga-aaah	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.044868+00:00	Arch Linux Importer	Fixing	VCID-8u2m-qhwh-aaaf	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:19.022830+00:00	Arch Linux Importer	Fixing	VCID-7dn2-r1a7-aaae	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:18.999037+00:00	Arch Linux Importer	Fixing	VCID-trtj-axhb-aaak	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:18.973942+00:00	Arch Linux Importer	Fixing	VCID-g8n8-s1a4-aaaf	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:18.951259+00:00	Arch Linux Importer	Fixing	VCID-dz27-wtfq-aaas	https://security.archlinux.org/AVG-400	34.0.1
2024-09-18T02:02:18.928638+00:00	Arch Linux Importer	Fixing	VCID-xabt-8jr6-aaag	https://security.archlinux.org/AVG-400	34.0.1
2024-01-03T22:28:20.993571+00:00	Arch Linux Importer	Fixing	VCID-sa36-epvb-aaam	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.966748+00:00	Arch Linux Importer	Fixing	VCID-uy5s-m45w-aaah	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.942334+00:00	Arch Linux Importer	Fixing	VCID-m98q-kzrc-aaac	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.918647+00:00	Arch Linux Importer	Fixing	VCID-bzw7-6zte-aaap	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.894969+00:00	Arch Linux Importer	Fixing	VCID-gj7w-e6y9-aaap	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.871242+00:00	Arch Linux Importer	Fixing	VCID-nc25-w5ga-aaah	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.847475+00:00	Arch Linux Importer	Fixing	VCID-8u2m-qhwh-aaaf	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.824147+00:00	Arch Linux Importer	Fixing	VCID-7dn2-r1a7-aaae	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.800604+00:00	Arch Linux Importer	Fixing	VCID-trtj-axhb-aaak	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.777035+00:00	Arch Linux Importer	Fixing	VCID-g8n8-s1a4-aaaf	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.753483+00:00	Arch Linux Importer	Fixing	VCID-dz27-wtfq-aaas	https://security.archlinux.org/AVG-400	34.0.0rc1
2024-01-03T22:28:20.724300+00:00	Arch Linux Importer	Fixing	VCID-xabt-8jr6-aaag	https://security.archlinux.org/AVG-400	34.0.0rc1

2025-03-28T07:46:57.791999+00:00

Arch Linux Importer

Fixing