Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main

Type apk

Namespace alpine

Name ffmpeg

Version 3.3.4-r0

Qualifiers

arch	aarch64
distroversion	v3.7
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1bpu-gwhz-2bf4

vulnerability_id VCID-1bpu-gwhz-2bf4

summary In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14222

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.65219
published_at	2026-06-04T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.65261
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14222

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bpu-gwhz-2bf4

url VCID-6y3x-huh9-mfhe

vulnerability_id VCID-6y3x-huh9-mfhe

summary In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14171

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49174
published_at	2026-06-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49235
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14171

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-huh9-mfhe

url VCID-swse-ghhk-t7fz

vulnerability_id VCID-swse-ghhk-t7fz

summary In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14058

reference_id

reference_type

scores

value	0.00612
scoring_system	epss
scoring_elements	0.70208
published_at	2026-06-04T12:55:00Z

value	0.00612
scoring_system	epss
scoring_elements	0.7025
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14058

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swse-ghhk-t7fz

url VCID-w9dg-bdap-pkea

vulnerability_id VCID-w9dg-bdap-pkea

summary In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14169

reference_id

reference_type

scores

value	0.0175
scoring_system	epss
scoring_elements	0.82903
published_at	2026-06-04T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82929
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14169

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9dg-bdap-pkea

url VCID-xa2s-fnc6-3qdu

vulnerability_id VCID-xa2s-fnc6-3qdu

summary In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14055

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51166
published_at	2026-06-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51228
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14055

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2s-fnc6-3qdu

url VCID-xd94-89pe-tqdn

vulnerability_id VCID-xd94-89pe-tqdn

summary In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14223

reference_id

reference_type

scores

value	0.01013
scoring_system	epss
scoring_elements	0.77476
published_at	2026-06-04T12:55:00Z

value	0.01013
scoring_system	epss
scoring_elements	0.77503
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
purl	pkg:apk/alpine/ffmpeg@3.3.4-r0?arch=aarch64&distroversion=v3.7&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

aliases CVE-2017-14223

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd94-89pe-tqdn

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@3.3.4-r0%3Farch=aarch64&distroversion=v3.7&reponame=main

Package Instance