CVE-2014-2133

CWE-119Buffer OverflowCWE-20Improper Input Validation6 documents6 sources
Severity
9.3CRITICAL
EPSS
4.3%
top 11.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Advanced Recording Format PlayerCisco Webex Recording Format Player
Timeline
PublishedMay 8
Latest updateMay 17

Description

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-g86f-c44g-786h: Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T282022-05-17
CVEList
CVE-2014-2133: Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T282014-05-08

📋Vendor Advisories

2
Red Hat
WS: Incomplete fix for CVE-2013-21332014-08-06
Cisco
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players2014-05-07

💬Community

1
Bugzilla
CVE-2014-3464 JBoss WS: Incomplete fix for CVE-2013-21332014-05-28
CVE-2014-2133 (CRITICAL CVSS 9.3) | Buffer overflow in Cisco Advanced R | cvebase.io