CVE Vulnerabilities

CVE-2019-14442

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jul 30, 2019 | Modified: Aug 24, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Weakness

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Libav Libav 12.3 12.3
Libav Ubuntu trusty *

References