Vulnerability Details : CVE-2017-14170

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.
Published 2017-09-07 06:29:00
Updated 2021-01-04 19:15:13
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-14170

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-14170

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.1
 HIGH AV:N/AC:M/Au:N/C:N/I:N/A:C
8.6
6.9
 NIST
6.5
 MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.8
3.6
 NIST

CWE ids for CVE-2017-14170

  • The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-14170

Products affected by CVE-2017-14170

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close