Medium severity6.5NVD Advisory· Published Sep 7, 2017· Updated Jun 17, 2026

CVE-2017-14170

Description

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpeg2 versions
cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ffmpeg:ffmpeg:3.3.3:*:*:*:*:*:*:*
- (no CPE)range: 2.4 to 3.3.3
osv-coords
pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed
Range: < 4.4-5.2

Patches

Vulnerability mechanics

References

github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2nvdIssue TrackingPatchThird Party Advisory
www.debian.org/security/2017/dsa-3996nvd
www.securityfocus.com/bid/100700nvd
github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210nvd
lists.debian.org/debian-lts-announce/2019/01/msg00006.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000