CVE-2017-14058

Published: Aug 31, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

Affected (1)

Products: Ffmpeg: Ffmpeg

Ffmpeg

1 product

Ffmpeg

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Version 3.3.3

Related CWEs

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

http://www.debian.org/security/2017/dsa-3996

Source: cve@mitre.org

http://www.securityfocus.com/bid/100629

Source: cve@mitre.org

https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af

Source: cve@mitre.org

https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html

Source: cve@mitre.org

http://www.debian.org/security/2017/dsa-3996