CVE Vulnerabilities

CVE-2017-9222

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jun 27, 2017 | Modified: Oct 03, 2019
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu
LOW

The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Freeware_advanced_audio_decoder_2 Audiocoding 2.7 (including) 2.7 (including)
Faad2 Ubuntu trusty *
Faad2 Ubuntu trusty/esm *
Faad2 Ubuntu upstream *
Faad2 Ubuntu xenial *
Faad2 Ubuntu yakkety *
Faad2 Ubuntu zesty *

References