Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer
depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the
avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also
conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name
calls within the ffprobe command-line program.) (CVE-2017-14225)
- In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File)
check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the
header but does not contain sufficient backing data, is provided, the first type==4 loop would consume
huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14054)
- In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File)
check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large
"nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over
the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.
(CVE-2017-14055)
- In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check
might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count"
field in the header but does not contain sufficient backing data, is provided, the loops (for offset and
size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
(CVE-2017-14056)
- In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU
and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the
header but does not contain sufficient backing data, is provided, the loops over the name and markers
would consume huge CPU and memory resources, since there is no EOF check inside these loops.
(CVE-2017-14057)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 8/31/2017
Reference Information
CVE: CVE-2017-14054, CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225
BID: 100626, 100627, 100628, 100629, 100630, 100631, 100692, 100700, 100701, 100703, 100704, 100706