CVE-2017-14171

Name of the Vulnerable Software and Affected Versions FFmpeg versions 2.4 through 3.3.3

Description The issue is related to the nsv parse NSVf header function in the libavformat/nsvdec.c file of the FFmpeg multimedia library. It is associated with resource management errors. Exploitation of this issue may allow a remote attacker to cause consumption of computational resources and denial of service using a specially crafted NSV file. This file requires a large value in the table entries used field in the header but does not contain sufficient backing data. As a result, the loop over table entries used consumes significant CPU resources due to the lack of an End of File (EOF) check.

Recommendations For FFmpeg versions 2.4 through 3.3.3, consider disabling the nsv parse NSVf header function as a temporary workaround until a patch is available. Restrict access to NSV files with large table entries used fields in the header to minimize the risk of exploitation. Avoid using NSV files that may trigger the denial of service condition until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.