PT-2017-2584 · FFmpeg+1 · Ffmpeg+1

Jundong Xie

Publicado

2017-07-27

Atualizado

2024-06-15

CVE-2017-11665

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg version 3.3.2

Description The issue allows remote RTMP servers to cause a denial of service, resulting in a Segmentation Violation and application crash, via a crafted stream. This is due to insufficient input validation in the ff amf get field value function in libavformat/rtmppkt.c.

Recommendations For FFmpeg version 3.3.2, consider updating to a newer version that addresses the issue with the ff amf get field value function. As a temporary workaround, restrict access to RTMP servers to minimize the risk of exploitation.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1960

BDU:2017-01797

CVE-2017-11665

DSA-3957-1

MGASA-2018-0008

OPENSUSE-SU-2024:10754-1

Produtos afetados

Alt Linux

Ffmpeg

PT-2017-2584 · FFmpeg+1 · Ffmpeg+1

CVE-2017-11665

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 78