CVE-2014-2097Improper Input Validation in Ffmpeg

CWE-20Improper Input Validation3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 37.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedMar 2
Latest updateMay 17

Description

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDffmpeg/ffmpeg2.1.3+7
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-x9v4-qjjx-qmxp: The tak_decode_frame function in libavcodec/takdec2022-05-17

📋Vendor Advisories

1
Debian
CVE-2014-2097: ffmpeg - The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does...2014