Denial Of Service (DoS) Through CPU Consumption

FFmpeg is vulnerable to denial of service DoS attacks. The library is missing an end of file check, allowing a malicious user to pass a ASF file to the asfbuildsimpleindex function in libavformat/asfdecf.c to cause a loop that will consume large amounts of CPU and memory...

Design/Logic Flaw

In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...

CVE-2017-14223

In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...

CVE-2017-14223

Technical details about CVE-2017-14223 are not provided in the connected documents. The initial description outlines a DoS in FFmpeg’s asfdec_f.c but no vendor/product/version specifics are given here. Monitor for updates.

CVE-2017-14223

In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...