CVE-2014-7937 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416 — Use After Free8 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Google Chrome

Timeline

PublishedJan 22

Latest updateMay 17

Description

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDgoogle/chrome40.0.2214.85

▶debiandebian/ffmpeg< ffmpeg 7:2.4.2-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.2-1+3

▶NVDffmpeg/ffmpeg2.4.1

🔴Vulnerability Details

GHSA

GHSA-prgf-q87j-gvg5: Multiple off-by-one errors in libavcodec/vorbisdec↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-01-26

▶

OSV

CVE-2014-7937: Multiple off-by-one errors in libavcodec/vorbisdec↗2015-01-22

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-01-26

▶

Red Hat

chromium-browser: use-after-free in FFmpeg↗2015-01-21

▶

Debian

CVE-2014-7937: ffmpeg - Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as ...↗2014

▶

💬Community

Bugzilla

CVE-2014-7937 chromium-browser: use-after-free in FFmpeg↗2015-01-23

▶