» 2017 » 9월

CVE-2017-14057 (ffmpeg)

Posted on 2017년 9월 1일2017년 9월 5일 by admin

CVE-2017-14057 (ffmpeg)

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Source: CVE-2017-14057 (ffmpeg)

CVE-2017-14054

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14054

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

Source: CVE-2017-14054

CVE-2017-14056

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14056

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

Source: CVE-2017-14056

CVE-2017-14055

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14055

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Source: CVE-2017-14055

CVE-2017-14057

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14057

Source: CVE-2017-14057

CVE-2017-14058

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14058

In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

Source: CVE-2017-14058

CVE-2017-14060

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14060

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

Source: CVE-2017-14060

CVE-2017-14059

Posted on 2017년 9월 1일2017년 9월 1일 by admin

CVE-2017-14059

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Source: CVE-2017-14059