CVE-2017-14223

MEDIUM

FFmpeg 3.3.3 - DoS

Title source: llm

Description

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

References (4)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3996

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100703

[Issue Tracking, Patch, Third Party Advisory] https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97

View Patch ZIP pw:eip

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html

Scores

CVSS v3 6.5

EPSS 0.0085

EPSS Percentile 74.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status draft

Affected Products (3)

ffmpeg/ffmpeg

debian/debian_linux

debian/debian_linux

Timeline

Published Sep 09, 2017

Tracked Since Feb 18, 2026