In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file is provided that claims a large "table_entries_used" field in the header but does not contain sufficient backing data, the loop over 'table_entries_used' consumes huge CPU resources, since there is no EOF check inside the loop.
[ { "deprecated": false, "target": { "file": "libavformat/nsvdec.c", "function": "nsv_parse_NSVf_header" }, "signature_type": "Function", "source": "https://github.com/ffmpeg/ffmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7", "id": "CVE-2017-14171-352474f8", "digest": { "length": 2647.0, "function_hash": "272674515123442855883014561025808090604" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "libavformat/nsvdec.c" }, "signature_type": "Line", "source": "https://github.com/ffmpeg/ffmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7", "id": "CVE-2017-14171-942d45fb", "digest": { "line_hashes": [ "163700682919203254672523376235181754336", "313333650659292797870983492868699436327", "104703890762874859995521295993227348633", "77526834729182645364472304687455895246", "57775010657314048499270854018607517522" ], "threshold": 0.9 }, "signature_version": "v1" } ]