Medium severity6.5NVD Advisory· Published Aug 31, 2017· Updated May 13, 2026

CVE-2017-14058

Description

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

Affected products

FFmpeg/Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4anvdPatchThird Party Advisory
www.debian.org/security/2017/dsa-3996nvd
www.securityfocus.com/bid/100629nvd
github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15afnvd
lists.debian.org/debian-lts-announce/2019/03/msg00041.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000