PT-2016-3166 · FFmpeg+2 · Ffmpeg+2

Wangchu +1 · Published 2016-08-25 · Updated 2024-06-15 · CVE-2017-14059

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg version 3.3.3

Description

The issue is a missing EOF check in the cine_read_header() function, which can cause huge CPU and memory consumption. When a crafted CINE file declares a large "duration" field in its header but does not contain enough backing data, the image-offset parsing loop keeps running and consumes excessive resources. A remote attacker can exploit the vulnerability to cause a denial of service.

Recommendations

For FFmpeg version 3.3.3, consider disabling the cine_read_header() function until a patch is available to prevent potential denial of service attacks. Restrict access to CINE files with large "duration" fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
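
The loop pattern from the description, next to a version that stops at end of input. This is an added example, not FFmpeg's code: the `Reader` type, the function names and the sample table are constructed, and it assumes an I/O layer that returns zeros once the input is exhausted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory reader standing in for a demuxer's I/O context. */
typedef struct { const uint8_t *buf; size_t size, pos; int eof; } Reader;

/* Little-endian 64-bit read; past the end it sets eof and returns 0 (assumed behaviour). */
static uint64_t read_le64(Reader *r) {
    if (r->size - r->pos < 8) { r->eof = 1; r->pos = r->size; return 0; }
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)r->buf[r->pos + i] << (8 * i);
    r->pos += 8;
    return v;
}

/* Missing EOF check: the loop bound is the header's "duration" field, so the
   work done is set by the file's claim, not by how much data it contains. */
static uint64_t parse_offsets_unchecked(Reader *r, uint32_t duration) {
    uint64_t entries = 0;
    for (uint32_t i = 0; i < duration; i++) {
        (void)read_le64(r);   /* a demuxer would store an index entry here */
        entries++;
    }
    return entries;
}

/* With the check: reject the file as soon as the offset table runs out. */
static int64_t parse_offsets_checked(Reader *r, uint32_t duration) {
    int64_t entries = 0;
    for (uint32_t i = 0; i < duration; i++) {
        (void)read_le64(r);
        if (r->eof) return -1;   /* invalid data: fewer offsets than claimed */
        entries++;
    }
    return entries;
}

/* Constructed input: two offsets present, header claims one million images. */
static const uint8_t TABLE[16] = {0x40,0,0,0,0,0,0,0, 0x80,0,0,0,0,0,0,0};
enum { CLAIMED_DURATION = 1000000 };

int main(void) {
    Reader a = {TABLE, sizeof TABLE, 0, 0}, b = a;
    printf("unchecked: %llu entries\n", (unsigned long long)parse_offsets_unchecked(&a, CLAIMED_DURATION));
    printf("checked:   %lld\n", (long long)parse_offsets_checked(&b, CLAIMED_DURATION));
    return 0;
}
```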

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2226
BDU:2017-02089
CVE-2017-14059
DSA-3996-1
MGASA-2018-0008
OPENSUSE-SU-2017_2502-1
OPENSUSE-SU-2024:10754-1

Affected Products

Alt Linux
Ffmpeg
Suse