
CVE-2017-14054

CVE-2017-14054 PUBLISHED

Reported by mitre · Published August 31, 2017

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

Affected Products

Vendor    Product    Versions
n/a       n/a        n/a
alpine    ffmpeg     0, 0, 0
n/a       n/a        n/a, n/a
alpine    ffmpeg4    0, 0, 0

Timeline

  • Aug 31, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

  • 100627 (vdb-entry, x_refsource_BID)
  • x_refsource_CONFIRM
  • DSA-3996 (vendor-advisory, x_refsource_DEBIAN)