CVE-2017-14223

MEDIUM Year: 2017
CVSS v3 Score
6.5
Medium
CVSS v2 Score
7.1
High
Weakness Type
CWE-400
View all →

Vulnerability Description

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

Related Vulnerabilities

CVE-2006-6017

MEDIUM
CVSS:6.5(Medium)

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application cr...

CWE-4002006

CVE-2011-1459

MEDIUM
CVSS:6.5(Medium)

The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin.

CWE-4002011

CVE-2012-0260

MEDIUM
CVSS:6.5(Medium)

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of res...

CWE-4002012

CVE-2012-4863

MEDIUM
CVSS:6.5(Medium)

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

CWE-4002012

CVE-2014-3672

MEDIUM
CVSS:6.5(Medium)

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

CWE-4002014

CVE-2014-7813

MEDIUM
CVSS:6.5(Medium)

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack o...

CWE-4002014