Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community

Type apk

Namespace alpine

Name ffmpeg4

Version 3.3.4-r0

Qualifiers

arch	armhf
distroversion	v3.18
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.4.3-r0

Latest_non_vulnerable_version 4.4.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1bpu-gwhz-2bf4

vulnerability_id VCID-1bpu-gwhz-2bf4

summary In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14222

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.65219
published_at	2026-06-04T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.65261
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14222

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bpu-gwhz-2bf4

url VCID-5ar1-9ef9-qfbk

vulnerability_id VCID-5ar1-9ef9-qfbk

summary In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14170

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51766
published_at	2026-06-04T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51824
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14170

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ar1-9ef9-qfbk

url VCID-6y3x-huh9-mfhe

vulnerability_id VCID-6y3x-huh9-mfhe

summary In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14171

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49174
published_at	2026-06-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49235
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14171

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-huh9-mfhe

url VCID-fppn-gp95-vkdr

vulnerability_id VCID-fppn-gp95-vkdr

summary In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14059

reference_id

reference_type

scores

value	0.00379
scoring_system	epss
scoring_elements	0.59712
published_at	2026-06-04T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.59762
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14059

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fppn-gp95-vkdr

url VCID-fpxz-k9r8-13ga

vulnerability_id VCID-fpxz-k9r8-13ga

summary In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14056

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51166
published_at	2026-06-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51228
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14056

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpxz-k9r8-13ga

url VCID-pnu9-tnrf-4bgz

vulnerability_id VCID-pnu9-tnrf-4bgz

summary The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14225

reference_id

reference_type

scores

value	0.00816
scoring_system	epss
scoring_elements	0.74667
published_at	2026-06-04T12:55:00Z

value	0.00816
scoring_system	epss
scoring_elements	0.74698
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14225

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnu9-tnrf-4bgz

url VCID-swse-ghhk-t7fz

vulnerability_id VCID-swse-ghhk-t7fz

summary In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14058

reference_id

reference_type

scores

value	0.00612
scoring_system	epss
scoring_elements	0.70208
published_at	2026-06-04T12:55:00Z

value	0.00612
scoring_system	epss
scoring_elements	0.7025
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14058

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swse-ghhk-t7fz

url VCID-tmb4-md87-j7h8

vulnerability_id VCID-tmb4-md87-j7h8

summary In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14054

reference_id

reference_type

scores

value	0.00293
scoring_system	epss
scoring_elements	0.52935
published_at	2026-06-04T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52996
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14054

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmb4-md87-j7h8

url VCID-w9dg-bdap-pkea

vulnerability_id VCID-w9dg-bdap-pkea

summary In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14169

reference_id

reference_type

scores

value	0.0175
scoring_system	epss
scoring_elements	0.82903
published_at	2026-06-04T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82929
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14169

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9dg-bdap-pkea

url VCID-xa2s-fnc6-3qdu

vulnerability_id VCID-xa2s-fnc6-3qdu

summary In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14055

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51166
published_at	2026-06-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51228
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14055

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2s-fnc6-3qdu

url VCID-xd94-89pe-tqdn

vulnerability_id VCID-xd94-89pe-tqdn

summary In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14223

reference_id

reference_type

scores

value	0.01013
scoring_system	epss
scoring_elements	0.77476
published_at	2026-06-04T12:55:00Z

value	0.01013
scoring_system	epss
scoring_elements	0.77503
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14223

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd94-89pe-tqdn

url VCID-xwbz-r588-v3f6

vulnerability_id VCID-xwbz-r588-v3f6

summary In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14057

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51166
published_at	2026-06-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51228
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14767

reference_url	https://security.archlinux.org/ASA-201709-10
reference_id	ASA-201709-10
reference_type
scores
url	https://security.archlinux.org/ASA-201709-10

reference_url

https://security.archlinux.org/AVG-400

reference_id

AVG-400

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-400

fixed_packages

url	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/ffmpeg4@3.3.4-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

aliases CVE-2017-14057

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwbz-r588-v3f6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg4@3.3.4-r0%3Farch=armhf&distroversion=v3.18&reponame=community

Package Instance