CVE-2014-125014 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 61.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedJun 18

Latest updateJun 19

Description

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Ubuntuffmpeg/ffmpeg< 7:3.4.2-2+2

▶NVDffmpeg/ffmpeg2.0

▶debiandebian/ffmpeg

🔴Vulnerability Details

GHSA

GHSA-wr2v-5qvp-wv57: A vulnerability classified as problematic was found in FFmpeg 2↗2022-06-19

▶

OSV

CVE-2014-125014: A vulnerability classified as problematic was found in FFmpeg 2↗2022-06-18

▶

📋Vendor Advisories

Debian

CVE-2014-125014: ffmpeg - A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by t...↗2014

▶