FFmpeg 2.0 hevcpred_template.c intra_pred buffer overflow

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected is the function intra_pred in the file libavcodec/hevcpred_template.c. The manipulation leads to a buffer overflow. Using CWE to declare the problem leads to CWE-119. The issue was introduced on 07/11/2013. The weakness was disclosed on 03/02/2014 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as avcodec/hevcpred_template: also initialize top[-1] for constrained intra prediction, in the form of a GIT Commit (GIT Repository). The advisory is available for download at git.videolan.org. This vulnerability is known as CVE-2014-125007. The attack can be launched over the network. Technical details are available. No exploit is available. The current price for an exploit might be approx. USD $0-$5k. As a 0-day, the estimated price was also around $0-$5k. The fix is available for download at git.videolan.org. It is recommended to apply the patch to fix this issue. The vulnerability is also documented in other vulnerability databases: X-Force (91656), Secunia (SA57282).

3 changes · 58 data points

| Field | Created 03/13/2014 15:24 | Update 1/2 04/17/2019 08:03 | Update 2/2 06/17/2022 23:22 |
| --- | --- | --- | --- |
| source_xforce | 91656 | 91656 | 91656 |
| source_seealso | 12582 12584 12586 12588 | 12582 12584 12586 12588 | 12582 12584 12586 12588 |
| cvss2_vuldb_e | U | U | U |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | U | U | U |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 234 | 234 | 234 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| software_name | FFmpeg | FFmpeg | FFmpeg |
| software_version | 2.0 | 2.0 | 2.0 |
| software_file | libavcodec/hevcpred_template.c | libavcodec/hevcpred_template.c | libavcodec/hevcpred_template.c |
| software_function | intra_pred | intra_pred | intra_pred |
| vulnerability_introductiondate | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) |
| vulnerability_risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.2 | 3.2 | 3.2 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 4.6 | 4.6 | 4.6 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 4.6 | 4.6 | 4.6 |
| advisory_date | 1393718400 (03/02/2014) | 1393718400 (03/02/2014) | 1393718400 (03/02/2014) |
| advisory_location | GIT Repository | GIT Repository | GIT Repository |
| advisory_type | GIT Commit | GIT Commit | GIT Commit |
| advisory_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d |
| advisory_identifier | avcodec/hevcpred_template: also initialize top[-1] for constrained intra prediction | avcodec/hevcpred_template: also initialize top[-1] for constrained intra prediction | avcodec/hevcpred_template: also initialize top[-1] for constrained intra prediction |
| person_name | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind |
| person_website | http://www.google.com | http://www.google.com | http://www.google.com |
| company_name | Google Security Team | Google Security Team | Google Security Team |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| countermeasure_name | Patch | Patch | Patch |
| countermeasure_patch_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d |
| source_secunia | | 57282 | 57282 |
| source_secunia_date | | 1394150400 (03/07/2014) | 1394150400 (03/07/2014) |
| secunia_title | | FFmpeg Multiple Vulnerabilities | FFmpeg Multiple Vulnerabilities |
| secunia_risk | Less Critical | Less Critical | Less Critical |
| xforce_title | | FFmpeg intra_pred() denial of service | FFmpeg intra_pred() denial of service |
| xforce_identifier | | ffmpeg-intrapred-dos | ffmpeg-intrapred-dos |
| xforce_risk | Medium Risk | Medium Risk | Medium Risk |
| vulnerability_cwe | | CWE-119 (buffer overflow) | CWE-119 (buffer overflow) |
| software_type | | Multimedia Processing Software | Multimedia Processing Software |
| source_cve | | | CVE-2014-125007 |
| cna_responsible | | | VulDB |
