CVE-2014-9604 — Ffmpeg vulnerability

CWE-1896 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Canonical Ubuntu Linux

Timeline

PublishedJan 16

Latest updateJan 20

Description

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.5.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.5.1-1+3

▶NVDffmpeg/ffmpeg2.5.1

Also affects: Ubuntu Linux 12.04

🔴Vulnerability Details

GHSA

GHSA-fmmw-c889-hg82: libavcodec/utvideodec↗2022-05-17

▶

OSV

CVE-2014-9604: libavcodec/utvideodec↗2015-01-16

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2015-03-17

▶

Debian

CVE-2014-9604: ffmpeg - libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value o...↗2014

▶

📄Research Papers

arXiv

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities↗2024-01-20

▶