First published: Thu Aug 31 2017
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg | =3.3.3 |
CVE-2017-14057 is classified as a high-severity vulnerability due to its potential for causing denial of service through high CPU and memory consumption.
To fix CVE-2017-14057, upgrade to a patched version of FFmpeg beyond 3.3.3 that addresses the vulnerability.
CVE-2017-14057 affects FFmpeg version 3.3.3.
CVE-2017-14057 enables denial of service attacks by allowing crafted ASF files to consume excessive CPU and memory resources.
CVE-2017-14057 can be exploited remotely by sending specially crafted ASF files to the affected system.
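The missing EOF check described above, modelled in C as an added example (not FFmpeg's code): the `Reader` type, `parse_markers`, `sample_iters` and the sample bytes are constructed for illustration, and the field layout is simplified rather than the real ASF marker object. It shows that without an EOF test inside the loops, the work done follows the claimed `count` and `name_len` rather than the amount of data actually present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical minimal reader (not FFmpeg's API): a read past the end of the
 * data returns 0 and sets an EOF flag instead of failing. */
typedef struct { const uint8_t *buf; size_t len, pos; int eof; } Reader;
static uint8_t rd8(Reader *r) {
    if (r->pos >= r->len) { r->eof = 1; return 0; }
    return r->buf[r->pos++];
}
static uint32_t rd32le(Reader *r) {
    uint32_t v = 0;
    for (int k = 0; k < 4; k++) v |= (uint32_t)rd8(r) << (8 * k);
    return v;
}

/* Simplified, constructed layout (not the real ASF marker object): u32 count,
 * then per marker u32 name_len plus name_len bytes. Returns 0 on success or
 * -1 on truncated input; *iters counts loop iterations (work performed). */
int parse_markers(Reader *r, int check_eof, uint64_t *iters) {
    uint32_t count = rd32le(r);
    *iters = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (check_eof && r->eof) return -1;     /* EOF check, marker loop */
        uint32_t name_len = rd32le(r);
        for (uint32_t j = 0; j < name_len; j++) {
            if (check_eof && r->eof) return -1; /* EOF check, name loop */
            (void)rd8(r);
            ++*iters;
        }
        ++*iters;
    }
    return 0;
}

/* Constructed 10-byte sample: claims count = 1,000,000 and a first name_len
 * of 2,000,000 but carries only two bytes of name data. */
static const uint8_t SAMPLE[] = { 0x40, 0x42, 0x0F, 0x00, 0x80, 0x84, 0x1E, 0x00, 'A', 'B' };
uint64_t sample_iters(int check_eof) {
    Reader r = { SAMPLE, sizeof SAMPLE, 0, 0 };
    uint64_t iters;
    parse_markers(&r, check_eof, &iters);
    return iters;
}
int main(void) {
    printf("unchecked: %llu iterations, checked: %llu\n",
           (unsigned long long)sample_iters(0), (unsigned long long)sample_iters(1));
    return 0;
}
```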