Published: 07/09/2017 Updated: 04/01/2021

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg 3.3.3

In libavformat/mxfdecc in FFmpeg 333, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since th ...

CWE-834 https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2 http://www.securityfocus.com/bid/100700 http://www.debian.org/security/2017/dsa-3996 https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html https://github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-14170

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-14170

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect