QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14767

Published: Sep 27, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.