CVE-2017-14056
First published: Thu Aug 31 2017(Updated: )
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | =3.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14056?
CVE-2017-14056 is classified as a Denial of Service (DoS) vulnerability.
How do I fix CVE-2017-14056?
To fix CVE-2017-14056, update FFmpeg to a version later than 3.3.3 where this vulnerability has been resolved.
What does CVE-2017-14056 affect?
CVE-2017-14056 specifically affects FFmpeg version 3.3.3.
What type of attack does CVE-2017-14056 enable?
CVE-2017-14056 can be exploited to cause excessive CPU and memory usage, leading to a denial of service.
What is the nature of the vulnerability in CVE-2017-14056?
The vulnerability in CVE-2017-14056 stems from a lack of an EOF check in the rl2_read_header function.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/3.3.3