Candidate: CVE-2017-14057
PublicDate: 2017-08-31 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
Description:
 In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of
 File) check might cause huge CPU and memory consumption. When a crafted ASF
 file, which claims a large "name_len" or "count" field in the header but
 does not contain sufficient backing data, is provided, the loops over the
 name and markers would consume huge CPU and memory resources, since there
 is no EOF check inside these loops.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ffmpeg:
 other: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
xenial_ffmpeg: released (7:2.8.14-0ubuntu0.16.04.1)
zesty_ffmpeg: ignored (reached end-of-life)
artful_ffmpeg: ignored (reached end-of-life)
bionic_ffmpeg: not-affected (7:3.3.4-1)
devel_ffmpeg: not-affected (7:3.3.4-1)