High severity8.8NVD Advisory· Published Sep 7, 2017· Updated Jun 17, 2026
CVE-2017-14169
CVE-2017-14169
Description
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5Patches
Vulnerability mechanics
References
5- github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdadnvdIssue TrackingPatchThird Party Advisory
- www.debian.org/security/2017/dsa-3996nvdThird Party Advisory
- www.securityfocus.com/bid/100692nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2019/02/msg00005.htmlnvdThird Party Advisory
- github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8fnvd
News mentions
0No linked articles in our index yet.