QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14170

Published: Sep 7, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

https://github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.