{"id":"CVE-2017-14054","details":"In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large \"len\" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.","modified":"2026-04-11T04:47:39.715225Z","published":"2017-08-31T15:29:00.247Z","related":["openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/100627"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3996"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"9079c70d2095643af6954001d0627445650b85a6"},{"fixed":"124eb202e70678539544f6268efc98131f19fa49"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.3"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3","n3.3-dev","n3.3.1","n3.3.2","n3.3.3","n3.4-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14054.json","vanir_signatures":[{"id":"CVE-2017-14054-0fa15e86","source":"https://github.com/ffmpeg/ffmpeg/commit/124eb202e70678539544f6268efc98131f19fa49","digest":{"threshold":0.9,"line_hashes":["234032054447535025478726622637781525984","123352030564568524941742042316477844946","117292502487100815111164887830115694020","167331368778348808159532095529755586265","213900236681013805180364471646869887864"]},"signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"libavformat/rmdec.c"}},{"id":"CVE-2017-14054-afe9400b","source":"https://github.com/ffmpeg/ffmpeg/commit/124eb202e70678539544f6268efc98131f19fa49","digest":{"length":3843,"function_hash":"131383091143261345982428874803280954829"},"signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"file":"libavformat/rmdec.c","function":"ivr_read_header"}}],"vanir_signatures_modified":"2026-04-11T04:47:39Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}