CVE-2017-9257
Description
A crafted MP4 file causes a large loop in FAAD2 2.7's mp4ff_read_ctts function, leading to CPU exhaustion and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7 contains a flaw that allows a remote attacker to cause a denial of service via a crafted MP4 file. Processing such a file triggers an excessively large loop, resulting in high CPU consumption. [1]
Exploitation
An attacker can exploit this vulnerability by crafting a malicious MP4 file that, when parsed by an application using FAAD2 2.7 (such as the faad command-line decoder), triggers the mp4ff_read_ctts function to enter an infinite or very large loop. No authentication or special network position is required; the attack only depends on the victim parsing the malicious file. [1]
Impact
Successful exploitation leads to a denial of service: the decoder process consumes excessive CPU resources, potentially causing application hang or system slowdown. No information disclosure, code execution, or privilege escalation is indicated. [1]
Mitigation
As of the disclosure date, FAAD2 2.7 is the affected version with no patch available. Users should exercise caution when parsing untrusted MP4 files and consider using alternative decoders or waiting for a patched release. [1]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.7:*:*:*:*:*:*:*
- Range: = 2.7
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing upper-bound validation on `ctts_entry_count` read from the MP4 file allows an attacker-controlled value to drive an unbounded loop in `mp4ff_read_ctts`."
Attack vector
An attacker crafts a malicious MP4 file with an excessively large `ctts_entry_count` value in the `ctts` atom [1]. When FAAD2's `mp4ff_read_ctts` function parses this file, it enters a loop that iterates `ctts_entry_count` times, each iteration reading two 32-bit integers from the file [1]. This causes a large loop and excessive CPU consumption, leading to a denial of service [CWE-834] [1]. The attack requires no authentication and is triggered when a user opens the crafted file with FAAD2.
Affected code
The vulnerable function is `mp4ff_read_ctts` in `common/mp4ff/mp4atom.c` of FAAD2 2.7 [1]. The function reads `ctts_entry_count` directly from the MP4 file without any upper-bound validation, then uses that value as the loop bound for a `for` loop that reads sample count and offset pairs [1].
What the fix does
The advisory does not include a patch or specific remediation guidance [1]. To close the vulnerability, the `mp4ff_read_ctts` function should validate `ctts_entry_count` against a reasonable upper bound before using it as a loop limit, and should also check that the file contains enough remaining data to satisfy the claimed number of entries [CWE-834]. Without such validation, an attacker can set an arbitrarily large entry count to cause excessive looping and CPU exhaustion.
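The two checks described above, as an added example (not FAAD2's code and not a patch from the advisory): it parses a `ctts` payload held in memory and rejects an entry count that exceeds either a fixed cap or the data actually present. The function name `ctts_parse`, the cap `CTTS_MAX_ENTRIES` and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define CTTS_MAX_ENTRIES (1u << 20)  /* assumed policy cap, not a FAAD2 constant */

typedef struct { uint32_t sample_count, sample_offset; } ctts_entry;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse a ctts payload: 1-byte version, 3-byte flags, 32-bit entry count,
 * then entry_count pairs of 32-bit big-endian integers.
 * Returns the number of entries parsed, or -1 if the payload is rejected. */
long ctts_parse(const uint8_t *buf, size_t len, ctts_entry **out) {
    *out = NULL;
    if (len < 8) return -1;                    /* header itself is truncated */
    uint32_t count = be32(buf + 4);
    size_t avail = (len - 8) / 8;              /* entries the payload can actually hold */
    if (count > CTTS_MAX_ENTRIES) return -1;   /* check 1: absolute upper bound */
    if (count > avail) return -1;              /* check 2: claimed count vs. remaining data */
    if (count == 0) return 0;
    ctts_entry *e = malloc((size_t)count * sizeof *e);
    if (!e) return -1;
    for (uint32_t i = 0; i < count; i++) {     /* loop bound has been validated */
        e[i].sample_count  = be32(buf + 8 + 8 * (size_t)i);
        e[i].sample_offset = be32(buf + 12 + 8 * (size_t)i);
    }
    *out = e;
    return (long)count;
}

/* Constructed sample payloads: two valid entries, and a count with no data behind it. */
static const uint8_t ctts_ok[] = { 0,0,0,0, 0,0,0,2,
    0,0,0,1, 0,0,0,10,  0,0,0,3, 0,0,0,20 };
static const uint8_t ctts_bad[] = { 0,0,0,0, 0xFF,0xFF,0xFF,0xFF,
    0,0,0,1, 0,0,0,10 };

int main(void) {
    ctts_entry *e;
    long n = ctts_parse(ctts_ok, sizeof ctts_ok, &e);
    int ok = (n == 2 && e[1].sample_offset == 20);
    free(e);
    return (ok && ctts_parse(ctts_bad, sizeof ctts_bad, &e) == -1) ? 0 : 1;
}
```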
Preconditions
- input: The victim must open a crafted MP4 file with FAAD2
- auth: No authentication required
- network: Local access required (user opens file)
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] seclists.org/fulldisclosure/2017/Jun/32 (nvd: Mailing List, Third Party Advisory)