DescriptionIn FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
|National Vulnerability Database|
- openSUSE-SU-2017:2501-1, published Sat, 16 Sep 2017 00:09:50 +0200 (CEST)
- openSUSE-SU-2017:2502-1, published Sat, 16 Sep 2017 00:12:39 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 42.2|| ||Patchnames:
|openSUSE Leap 42.3|| ||Patchnames: