CVE-2017-9255

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FAAD2 version 2.7

Description The issue is related to the mp4ff read stsc function, which can be exploited by remote attackers to cause a denial of service. This is achieved through a crafted mp4 file, leading to a large loop and significant CPU consumption. The vulnerability is associated with the execution of a cycle without sufficient limitation on the number of its executions.

Recommendations For FAAD2 version 2.7, consider disabling the mp4ff read stsc function as a temporary workaround until a patch is available to prevent the denial of service caused by crafted mp4 files.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-834

Related Identifiers

ALT-PU-2021-1228

ALT-PU-2021-1316

ALT-PU-2021-1341

ALT-PU-2023-1579

BDU:2019-04566

CVE-2017-9255

DLA-1077-1

Affected Products

Alt Linux

Faad2

CVE-2017-9255

Weakness Enumeration

Related Identifiers

Affected Products

References · 105