CVE-2017-14223

Name of the Vulnerable Software and Affected Versions FFmpeg version 3.3.3

Description The issue is related to a lack of an End of File (EOF) check in the asf build simple index() function, which can cause huge CPU consumption. This occurs when a crafted ASF file with a large "ict" field in the header but insufficient backing data is processed, leading to a loop that consumes significant CPU and memory resources.

Recommendations For FFmpeg version 3.3.3, consider applying a patch or fix that adds an EOF check to the asf build simple index() function to prevent excessive CPU consumption. As a temporary workaround, consider restricting the processing of ASF files with large "ict" fields in the header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.