CVE-2017-14055

Name of the Vulnerable Software and Affected Versions FFmpeg version 3.3.3

Description The issue is related to a lack of an End of File (EOF) check in the mv read header() function, which can cause huge CPU and memory consumption. This occurs when a crafted MV file with a large nb frames field in the header but insufficient backing data is provided, leading to a loop that consumes significant resources. The exploitation of this issue may allow a remote attacker to cause a denial of service by exhausting memory and CPU resources.

Recommendations For FFmpeg version 3.3.3, consider applying a patch or updating to a newer version that includes a fix for the mv read header() function to add an EOF check, preventing excessive resource consumption. As a temporary workaround, consider restricting the use of the mv read header() function or limiting the processing of MV files with large nb frames fields to minimize the risk of exploitation.