CVE-2017-14169 in FFmpeg
Сводка (Английский)
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
Резервировать
07.09.2017
Раскрытие
07.09.2017
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 106185 | FFmpeg mxfdec.c mxf_read_primer_pack эскалация привилегий | 20 | Не определено | Официальное исправление | CVE-2017-14169 |