Bug 1082335 (CVE-2017-11665) - VUL-0: CVE-2017-11665: ffmpeg: denial of service in ff_amf_get_field_value function in libavformat/rtmppkt.c
Summary: VUL-0: CVE-2017-11665: ffmpeg: denial of service in ff_amf_get_field_value fu...
Status: RESOLVED FIXED
Alias: CVE-2017-11665
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Jan Engelhardt
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-22 16:01 UTC by Alexander Bergmann
Modified: 2024-04-22 17:15 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-02-22 16:01:42 UTC 
CVE-2017-11665

The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11665
http://www.debian.org/security/2017/dsa-3957
Comment 1 Jan Engelhardt 2018-03-26 12:13:04 UTC 
fixed in ffcc82219cef0928bed2d558b19ef6ea35634130, fixed since 3.4.
Comment 2 Jan Engelhardt 2018-03-26 12:40:45 UTC 
It was fixed in 3.4, and 42.3 already has ffmpeg 3.4.2.
Comment 3 Swamp Workflow Management 2018-03-26 13:50:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1082335) was mentioned in
https://build.opensuse.org/request/show/591095 Factory / ffmpeg
Comment 5 Swamp Workflow Management 2018-07-18 14:42:36 UTC 
This is an autogenerated message for OBS integration:
This bug (1082335) was mentioned in
https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq
Comment 7 OBSbugzilla Bot 2024-04-22 14:25:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1082335) was mentioned in
https://build.opensuse.org/request/show/1169676 Backports:SLE-15-SP5 / ffmpeg-4
Comment 8 OBSbugzilla Bot 2024-04-22 17:15:32 UTC 
This is an autogenerated message for OBS integration:
This bug (1082335) was mentioned in
https://build.opensuse.org/request/show/1169721 Backports:SLE-15-SP5 / ffmpeg-4