{"id":"CVE-2017-14058","details":"In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).","modified":"2026-04-16T06:20:12.516126366Z","published":"2017-08-31T15:29:00.450Z","related":["openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/100629"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3996"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"9079c70d2095643af6954001d0627445650b85a6"},{"fixed":"7ba100d3e6e8b1e5d5342feb960a7f081d6e15af"},{"fixed":"7ec414892ddcad88313848494b6fc5f437c9ca4a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.3"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4","n2.4-dev","n2.4.1","n2.4.10","n2.4.11","n2.4.12","n2.4.13","n2.4.2","n2.4.3","n2.4.4","n2.4.5","n2.4.6","n2.4.7","n2.4.8","n2.4.9","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3","n3.3-dev","n3.3.1","n3.3.2","n3.3.3","n3.4-dev"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:47:40Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14058.json","vanir_signatures":[{"digest":{"length":2424,"function_hash":"307616992488961155689353451593472058202"},"id":"CVE-2017-14058-00bfb969","deprecated":false,"target":{"file":"libavformat/hls.c","function":"read_data"},"signature_type":"Function","source":"https://github.com/ffmpeg/ffmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a","signature_version":"v1"},{"digest":{"line_hashes":["304165080079877529652181346720074499131","162067093324696288953250956199808354876","14741327823679758051667399565703620663","103528835990820388798780638136162256474","212210046328153511575685196694234427974","176073871505549656761287110408664618383","30391042795318001125261069865418981873","313142887063955675613583277320037644203","199790939807906335678849154372936472953","65697736203760585144547338555385364426","137674149634999590985749251598179956159","224622235900015262281358376059801374555","12386283591187879730390212292236685420","199246036475103184441872826726779780060","115262420892497008388419261859858552489","140305884192726122940432131855497107686"],"threshold":0.9},"target":{"file":"libavformat/hls.c"},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/ffmpeg/ffmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af","id":"CVE-2017-14058-2210bb97"},{"digest":{"length":2068,"function_hash":"321259516116468729858418046728872710930"},"id":"CVE-2017-14058-22cc831c","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/ffmpeg/ffmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af","target":{"file":"libavformat/hls.c","function":"read_data"}},{"digest":{"line_hashes":["188304760659666760334610689520730816561","276758316171052682441557897754958225397","63791673241347399776134849094345201559","103528835990820388798780638136162256474","212210046328153511575685196694234427974","176073871505549656761287110408664618383","30391042795318001125261069865418981873","313142887063955675613583277320037644203","199790939807906335678849154372936472953","65697736203760585144547338555385364426","60806949653493904052568925773388884442","6971350420336912076190345485067875612","12386283591187879730390212292236685420","199246036475103184441872826726779780060","115262420892497008388419261859858552489","140305884192726122940432131855497107686"],"threshold":0.9},"target":{"file":"libavformat/hls.c"},"id":"CVE-2017-14058-3227b939","signature_version":"v1","signature_type":"Line","source":"https://github.com/ffmpeg/ffmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}