CVE-2017-14223

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14223

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14223.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14223

Related

Published

2017-09-09T01:29:02Z

Modified

2024-10-28T23:59:00.336266Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

References

Affected packages

Alpine:v3.4 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:apk/alpine/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.11-r0

Affected versions

0.*

0.5-r0

0.6-r0

0.6-r1

0.6-r2

0.6.1-r0

0.6.1-r1

0.6.2-r0

0.6.2-r1

0.6.2-r2

0.6.3-r0

0.6.3-r1

0.6.3-r2

0.8-r0

0.8.1-r0

0.8.2-r0

0.8.3-r0

0.8.4-r0

0.8.5-r0

0.8.5-r1

0.8.6-r0

0.8.7-r0

0.9-r0

0.9.1-r0

0.10-r0

0.10-r1

0.10-r2

0.10.2-r0

0.11-r0

0.11.1-r0

0.11.1-r1

0.11.2-r1

1.*

1.0-r0

1.0-r1

1.0-r2

1.0.1-r0

1.0.1-r1

1.1-r1

1.1.2-r1

1.1.2-r2

1.1.2-r3

1.1.3-r0

1.1.4-r0

1.2-r0

1.2-r1

1.2.1-r0

1.2.2-r0

1.2.4-r0

2.*

2.0.2-r0

2.1-r0

2.1.1-r0

2.1.3-r0

2.1.4-r0

2.2-r0

2.2.2-r0

2.2.3-r0

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.4-r3

2.3-r0

2.3.1-r0

2.3.2-r0

2.3.3-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.3.5-r0

2.5.1-r0

2.5.2-r0

2.5.2-r1

2.5.3-r0

2.5.4-r0

2.6.1-r0

2.6.2-r0

2.6.2-r1

2.6.2-r2

2.6.3-r0

2.7-r0

2.7.1-r0

2.7.1-r1

2.7.2-r0

2.8-r0

2.8-r1

2.8-r2

2.8.1-r0

2.8.2-r0

2.8.2-r1

2.8.3-r0

2.8.5-r0

3.*

3.0.1-r0

3.0.2-r0

3.0.2-r1

3.0.7-r0

Alpine:v3.5 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:apk/alpine/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.11-r0

Affected versions

0.*

0.5-r0

0.6-r0

0.6-r1

0.6-r2

0.6.1-r0

0.6.1-r1

0.6.2-r0

0.6.2-r1

0.6.2-r2

0.6.3-r0

0.6.3-r1

0.6.3-r2

0.8-r0

0.8.1-r0

0.8.2-r0

0.8.3-r0

0.8.4-r0

0.8.5-r0

0.8.5-r1

0.8.6-r0

0.8.7-r0

0.9-r0

0.9.1-r0

0.10-r0

0.10-r1

0.10-r2

0.10.2-r0

0.11-r0

0.11.1-r0

0.11.1-r1

0.11.2-r1

1.*

1.0-r0

1.0-r1

1.0-r2

1.0.1-r0

1.0.1-r1

1.1-r1

1.1.2-r1

1.1.2-r2

1.1.2-r3

1.1.3-r0

1.1.4-r0

1.2-r0

1.2-r1

1.2.1-r0

1.2.2-r0

1.2.4-r0

2.*

2.0.2-r0

2.1-r0

2.1.1-r0

2.1.3-r0

2.1.4-r0

2.2-r0

2.2.2-r0

2.2.3-r0

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.4-r3

2.3-r0

2.3.1-r0

2.3.2-r0

2.3.3-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.3.5-r0

2.5.1-r0

2.5.2-r0

2.5.2-r1

2.5.3-r0

2.5.4-r0

2.6.1-r0

2.6.2-r0

2.6.2-r1

2.6.2-r2

2.6.3-r0

2.7-r0

2.7.1-r0

2.7.1-r1

2.7.2-r0

2.8-r0

2.8-r1

2.8-r2

2.8.1-r0

2.8.2-r0

2.8.2-r1

2.8.3-r0

2.8.5-r0

3.*

3.0.1-r0

3.0.2-r0

3.0.2-r1

3.1-r0

3.1.1-r0

3.1.2-r0

3.1.3-r0

3.1.4-r0

3.1.6-r0

3.1.7-r0

Alpine:v3.6 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:apk/alpine/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.8-r0

Affected versions

0.*

0.5-r0

0.6-r0

0.6-r1

0.6-r2

0.6.1-r0

0.6.1-r1

0.6.2-r0

0.6.2-r1

0.6.2-r2

0.6.3-r0

0.6.3-r1

0.6.3-r2

0.8-r0

0.8.1-r0

0.8.2-r0

0.8.3-r0

0.8.4-r0

0.8.5-r0

0.8.5-r1

0.8.6-r0

0.8.7-r0

0.9-r0

0.9.1-r0

0.10-r0

0.10-r1

0.10-r2

0.10.2-r0

0.11-r0

0.11.1-r0

0.11.1-r1

0.11.2-r1

1.*

1.0-r0

1.0-r1

1.0-r2

1.0.1-r0

1.0.1-r1

1.1-r1

1.1.2-r1

1.1.2-r2

1.1.2-r3

1.1.3-r0

1.1.4-r0

1.2-r0

1.2-r1

1.2.1-r0

1.2.2-r0

1.2.4-r0

2.*

2.0.2-r0

2.1-r0

2.1.1-r0

2.1.3-r0

2.1.4-r0

2.2-r0

2.2.2-r0

2.2.3-r0

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.4-r3

2.3-r0

2.3.1-r0

2.3.2-r0

2.3.3-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.3.5-r0

2.5.1-r0

2.5.2-r0

2.5.2-r1

2.5.3-r0

2.5.4-r0

2.6.1-r0

2.6.2-r0

2.6.2-r1

2.6.2-r2

2.6.3-r0

2.7-r0

2.7.1-r0

2.7.1-r1

2.7.2-r0

2.8-r0

2.8-r1

2.8-r2

2.8.1-r0

2.8.2-r0

2.8.2-r1

2.8.3-r0

2.8.5-r0

3.*

3.0.1-r0

3.0.2-r0

3.0.2-r1

3.1-r0

3.1.1-r0

3.1.2-r0

3.1.3-r0

3.1.4-r0

3.1.6-r0

3.2.2-r0

3.2.2-r1

3.2.4-r0

3.2.4-r1

3.2.6-r0

Alpine:v3.7 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:apk/alpine/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.4-r0

Affected versions

0.*

0.5-r0

0.6-r0

0.6-r1

0.6-r2

0.6.1-r0

0.6.1-r1

0.6.2-r0

0.6.2-r1

0.6.2-r2

0.6.3-r0

0.6.3-r1

0.6.3-r2

0.8-r0

0.8.1-r0

0.8.2-r0

0.8.3-r0

0.8.4-r0

0.8.5-r0

0.8.5-r1

0.8.6-r0

0.8.7-r0

0.9-r0

0.9.1-r0

0.10-r0

0.10-r1

0.10-r2

0.10.2-r0

0.11-r0

0.11.1-r0

0.11.1-r1

0.11.2-r1

1.*

1.0-r0

1.0-r1

1.0-r2

1.0.1-r0

1.0.1-r1

1.1-r1

1.1.2-r1

1.1.2-r2

1.1.2-r3

1.1.3-r0

1.1.4-r0

1.2-r0

1.2-r1

1.2.1-r0

1.2.2-r0

1.2.4-r0

2.*

2.0.2-r0

2.1-r0

2.1.1-r0

2.1.3-r0

2.1.4-r0

2.2-r0

2.2.2-r0

2.2.3-r0

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.4-r3

2.3-r0

2.3.1-r0

2.3.2-r0

2.3.3-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.3.5-r0

2.5.1-r0

2.5.2-r0

2.5.2-r1

2.5.3-r0

2.5.4-r0

2.6.1-r0

2.6.2-r0

2.6.2-r1

2.6.2-r2

2.6.3-r0

2.7-r0

2.7.1-r0

2.7.1-r1

2.7.2-r0

2.8-r0

2.8-r1

2.8-r2

2.8.1-r0

2.8.2-r0

2.8.2-r1

2.8.3-r0

2.8.5-r0

3.*

3.0.1-r0

3.0.2-r0

3.0.2-r1

3.1-r0

3.1.1-r0

3.1.2-r0

3.1.3-r0

3.1.4-r0

3.1.6-r0

3.2.2-r0

3.2.2-r1

3.2.4-r0

3.2.4-r1

3.2.4-r2

3.2.5-r0

3.3.2-r0

3.3.3-r0

Debian:11 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:3.3.4-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:3.3.4-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:3.3.4-1

Ecosystem specific

{
    "urgency": "low"
}

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type: GIT
Repo: https://git.ffmpeg.org/ffmpeg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

9079c70d2095643af6954001d0627445650b85a6

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

afc9c683ed9db01edb357bc8c19edad4282b3a97

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3

n3.3-dev

n3.3.1

n3.3.2

n3.3.3

n3.4-dev