CVE-2017-14056

Name of the Vulnerable Software and Affected Versions FFmpeg version 3.3.3

Description The issue is related to a lack of an EOF (End of File) check in the rl2 read header() function, which can cause huge CPU and memory consumption. This occurs when a crafted RL2 file with a large frame count field in the header but insufficient backing data is provided. The loops for offset and size tables consume significant CPU and memory resources due to the absence of an EOF check.

Recommendations For FFmpeg version 3.3.3, consider applying a patch or updating to a newer version that includes a fix for the rl2 read header() function to add an EOF check and prevent excessive resource consumption. As a temporary workaround, consider restricting the use of the rl2 read header() function or limiting the processing of RL2 files with large frame count fields to minimize the risk of exploitation.