CVE-2017-14170 (retired)

Priority
Description
In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in
mxf_read_index_entry_array() due to lack of an EOF (End of File) check
might cause huge CPU consumption. When a crafted MXF file, which claims a
large "nb_index_entries" field in the header but does not contain
sufficient backing data, is provided, the loop would consume huge CPU
resources, since there is no EOF check inside the loop. Moreover, this big
loop can be invoked multiple times if there is more than one applicable
data segment in the crafted MXF file.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7:2.8.14-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (7:3.3.4-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (7:3.3.4-1)
More Information

Updated: 2019-03-26 12:25:00 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)