Medium severity6.5NVD Advisory· Published Aug 31, 2017· Updated Jun 17, 2026

CVE-2017-14056

Description

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpeg2 versions
cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*
- (no CPE)range: =3.3.3
osv-coords
pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed
Range: < 4.4-5.2

Patches

Vulnerability mechanics

References

github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0denvdPatchThird Party Advisory
www.debian.org/security/2017/dsa-3996nvd
www.securityfocus.com/bid/100628nvd
lists.debian.org/debian-lts-announce/2019/01/msg00006.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000