Candidate: CVE-2017-14055
PublicDate: 2017-08-31 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
Description:
 In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to
 lack of an EOF (End of File) check might cause huge CPU and memory
 consumption. When a crafted MV file, which claims a large "nb_frames" field
 in the header but does not contain sufficient backing data, is provided,
 the loop over the frames would consume huge CPU and memory resources, since
 there is no EOF check inside the loop.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Xiaohei and Wangchu
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ffmpeg:
 other: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
xenial_ffmpeg: released (7:2.8.14-0ubuntu0.16.04.1)
zesty_ffmpeg: ignored (reached end-of-life)
artful_ffmpeg: ignored (reached end-of-life)
bionic_ffmpeg: not-affected (7:3.3.4-1)
devel_ffmpeg: not-affected (7:3.3.4-1)