PT-2017-2973 · FFmpeg+2

Wangchu +1 · Published 2017-09-08 · Updated 2024-06-15 · CVE-2017-14222

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: FFmpeg version 3.3.3

Description: The issue is caused by a missing End of File (EOF) check in the read_tfra() function, which can lead to very high CPU and memory consumption. It occurs when a crafted MOV file is processed whose header declares a large item count but which does not carry enough backing data, so the parsing loop keeps running on an exhausted stream and consumes significant resources. A remote attacker can exploit the vulnerability to cause a denial of service.

Recommendations: For FFmpeg version 3.3.3, apply a patch or update to a newer version that includes the fix for read_tfra(), which adds an EOF check and prevents excessive resource consumption. As a temporary workaround, consider restricting the processing of MOV files with large item count fields to minimize the risk of exploitation.
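The missing check described above, as an added example that is not FFmpeg's own code: a simplified tfra-style entry loop over an in-memory reader, where the Reader struct, rb32 and parse_tfra are hypothetical stand-ins for FFmpeg's avio calls. The loop stops as soon as the stream runs dry instead of trusting the header's item count.

```c
#include <stdint.h>
#include <stddef.h>

/* Minimal in-memory reader standing in for an avio-style stream (hypothetical). */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } Reader;

/* Read a big-endian 32-bit value; on truncation set *eof and pin pos at len. */
static uint32_t rb32(Reader *r, int *eof) {
    if (r->len - r->pos < 4) { *eof = 1; r->pos = r->len; return 0; }
    uint32_t v = ((uint32_t)r->buf[r->pos] << 24) | ((uint32_t)r->buf[r->pos + 1] << 16)
               | ((uint32_t)r->buf[r->pos + 2] << 8) | r->buf[r->pos + 3];
    r->pos += 4;
    return v;
}

/* Parse a simplified tfra body: a 32-bit item_count followed by item_count
 * (time, moof_offset) pairs of 32 bits each. Returns the number of entries
 * parsed, or -1 when the declared count outruns the data or the caller's buffer.
 * The in-loop EOF check is the mitigation the advisory describes: without it a
 * count near 4 billion keeps the loop running long after the bytes are gone. */
int parse_tfra(const uint8_t *data, size_t len, uint32_t *out, size_t max_entries) {
    Reader r = { data, len, 0 };
    int eof = 0;
    uint32_t item_count = rb32(&r, &eof);
    if (eof) return -1;
    for (uint32_t i = 0; i < item_count; i++) {
        if (i >= max_entries) return -1;            /* caller's buffer exhausted */
        uint32_t ts = rb32(&r, &eof);
        uint32_t moof_offset = rb32(&r, &eof);
        if (eof) return -1;                         /* the EOF check: stop at end of data */
        out[2 * i] = ts;
        out[2 * i + 1] = moof_offset;
    }
    return (int)item_count;
}

/* Constructed sample: count = 2 with both entries present. */
int demo_well_formed(void) {
    static const uint8_t box[] = { 0,0,0,2, 0,0,0,10, 0,0,1,0, 0,0,0,20, 0,0,2,0 };
    uint32_t out[8];
    return parse_tfra(box, sizeof box, out, 4);
}

/* Constructed sample: count = 0xFFFFFFFF but only one entry of backing data. */
int demo_truncated(void) {
    static const uint8_t box[] = { 0xFF,0xFF,0xFF,0xFF, 0,0,0,10, 0,0,1,0 };
    uint32_t out[8];
    return parse_tfra(box, sizeof box, out, 4);
}
```

The truncated sample returns -1 after a single iteration rather than spinning through the declared four billion entries.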

Tags: Fix · DoS

Related Identifiers

ALT-PU-2017-2226
BDU:2017-02298
CVE-2017-14222
DSA-3996-1
OPENSUSE-SU-2017_2502-1
OPENSUSE-SU-2024:10754-1

Affected Products

Alt Linux
Ffmpeg
Suse