7.1

CVE-2017-14222

EPSS 0.42%
Veröffentlicht 09.09.2017 01:29:02
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version3.3.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.588

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

http://www.debian.org/security/2017/dsa-3996

http://www.securityfocus.com/bid/100701

Third Party Advisory

VDB Entry

https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-14222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14222

EUVD