CVE-2017-14225

Name of the Vulnerable Software and Affected Versions FFmpeg version 3.3.3

Description The issue arises from the av color primaries name function in libavutil/pixdesc.c, which may return a NULL pointer based on a value in a file. However, callers of this function, such as avcodec string in libavcodec/utils.c, do not expect this outcome, leading to a NULL pointer dereference. This could potentially have security implications, especially in the context of the ffprobe command-line program.

Recommendations For FFmpeg version 3.3.3, consider avoiding the use of the av color primaries name function until a fix is available, or apply any available patches to resolve the NULL pointer dereference issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.