CVE-2014-9676: FFmpeg vulnerability

4 documents, 4 sources
Severity
6.8 MEDIUM (NVD)
EPSS
1.6%
top 18.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 28
Latest update: May 17

Description

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD: ffmpeg/ffmpeg 2.1.4
Debian: debian/ffmpeg
Ubuntu: libav/libav < 6:9.20-0ubuntu0.14.04.1+esm1

🔴 Vulnerability Details (2)

GHSA: GHSA-9fmj-mghc-6mmj: The seg_write_packet function in libavformat/segment (2022-05-17)
OSV: CVE-2014-9676: The seg_write_packet function in libavformat/segment (2015-02-28)

📋 Vendor Advisories (1)

Debian: CVE-2014-9676: ffmpeg - The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earli... (2014)