In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
[
{
"digest": {
"function_hash": "307616992488961155689353451593472058202",
"length": 2424.0
},
"target": {
"function": "read_data",
"file": "libavformat/hls.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a",
"id": "CVE-2017-14058-00bfb969"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"304165080079877529652181346720074499131",
"162067093324696288953250956199808354876",
"14741327823679758051667399565703620663",
"103528835990820388798780638136162256474",
"212210046328153511575685196694234427974",
"176073871505549656761287110408664618383",
"30391042795318001125261069865418981873",
"313142887063955675613583277320037644203",
"199790939807906335678849154372936472953",
"65697736203760585144547338555385364426",
"137674149634999590985749251598179956159",
"224622235900015262281358376059801374555",
"12386283591187879730390212292236685420",
"199246036475103184441872826726779780060",
"115262420892497008388419261859858552489",
"140305884192726122940432131855497107686"
]
},
"target": {
"file": "libavformat/hls.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af",
"id": "CVE-2017-14058-2210bb97"
},
{
"digest": {
"function_hash": "321259516116468729858418046728872710930",
"length": 2068.0
},
"target": {
"function": "read_data",
"file": "libavformat/hls.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af",
"id": "CVE-2017-14058-22cc831c"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"188304760659666760334610689520730816561",
"276758316171052682441557897754958225397",
"63791673241347399776134849094345201559",
"103528835990820388798780638136162256474",
"212210046328153511575685196694234427974",
"176073871505549656761287110408664618383",
"30391042795318001125261069865418981873",
"313142887063955675613583277320037644203",
"199790939807906335678849154372936472953",
"65697736203760585144547338555385364426",
"60806949653493904052568925773388884442",
"6971350420336912076190345485067875612",
"12386283591187879730390212292236685420",
"199246036475103184441872826726779780060",
"115262420892497008388419261859858552489",
"140305884192726122940432131855497107686"
]
},
"target": {
"file": "libavformat/hls.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a",
"id": "CVE-2017-14058-3227b939"
}
]