PT-2016-3167 · FFmpeg+2 · Ffmpeg+2
Wangchu +1 · Published 2016-08-25 · Updated 2024-06-15 · CVE-2017-14057
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FFmpeg version 3.3.3
Description
The issue is related to a lack of an End of File (EOF) check in the asf_read_marker() function, which can cause significant CPU and memory consumption. This occurs when a crafted ASF file with a large "name_len" or "count" field in the header but insufficient backing data is processed, leading to loops over the name and markers consuming huge resources.
Recommendations
For FFmpeg version 3.3.3, consider disabling the asf_read_marker() function as a temporary workaround until a patch is available to prevent potential denial-of-service attacks. Restrict access to ASF files with large "name_len" or "count" fields to minimize the risk of exploitation. Avoid using the name_len and count fields in the ASF file header until the issue is resolved.
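The missing check described above, shown as an added example that is not FFmpeg's code: a table parser over a constructed, simplified layout (not the real ASF marker object), run without and with an EOF test inside both loops. The reader type, `parse_markers` and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory reader; assumption of this sketch: reads past the end yield 0. */
struct rd { const uint8_t *p; size_t len, pos; };
static int rd_eof(const struct rd *r) { return r->pos >= r->len; }
static uint8_t rd_u8(struct rd *r) { return rd_eof(r) ? 0 : r->p[r->pos++]; }
static uint32_t rd_le(struct rd *r, int n) {          /* n-byte little-endian integer */
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint32_t)rd_u8(r) << (8 * i);
    return v;
}

/* Constructed layout: le32 count, then per marker a le16 name_len and the name bytes. */
/* Constructed samples: one claims 100000 markers with no data, one is well formed. */
static const uint8_t truncated[] = { 0xA0, 0x86, 0x01, 0x00 };
static const uint8_t valid[]     = { 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 'a', 'b' };

/* Returns the loop iterations executed, or -1 when check_eof is set and the
 * input ends before the header's claimed sizes are satisfied. */
long parse_markers(const uint8_t *buf, size_t len, int check_eof) {
    struct rd r = { buf, len, 0 };
    long steps = 0;
    uint32_t count = rd_le(&r, 4);
    for (uint32_t i = 0; i < count; i++) {
        if (check_eof && rd_eof(&r)) return -1;       /* count exceeds the data */
        uint32_t name_len = rd_le(&r, 2);
        for (uint32_t j = 0; j < name_len; j++) {
            if (check_eof && rd_eof(&r)) return -1;   /* name runs past the data */
            rd_u8(&r);
            steps++;
        }
        steps++;
    }
    return steps;
}

long truncated_unchecked(void) { return parse_markers(truncated, sizeof truncated, 0); }
long truncated_checked(void)   { return parse_markers(truncated, sizeof truncated, 1); }
long valid_checked(void)       { return parse_markers(valid, sizeof valid, 1); }

int main(void) {
    printf("unchecked, truncated: %ld iterations\n", truncated_unchecked());
    printf("checked, truncated:   %ld\n", truncated_checked());
    printf("checked, valid:       %ld iterations\n", valid_checked());
    return 0;
}
```

Without the check, the work done is set by the header's claimed sizes rather than by the four bytes actually present; with it, the parser rejects the input on the first iteration.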
Affected Products
Alt Linux
Ffmpeg
Suse