Zhang Hongliang (Wangchu)

2 exploits Active since Sep 2017
CVE-2017-14169 WRITEUP HIGH WRITEUP
FFmpeg 2.4-3.3.3 - Integer Signedness Error in MXF Primer Pack Parser
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
CVSS 8.8
CVE-2017-14171 WRITEUP MEDIUM WRITEUP
FFmpeg 2.4 and 3.3.3 - Denial of Service via NSV Header Parsing
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 6.5