FFmpeg 2.0 libavcodec/h264.c output_frame Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a FFmpeg 2.0. Tabbas, aikin output_frame ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil libavcodec/h264.c, a cikin sashi $software_component. Wuro manipulation ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-119. Matsalar nan ta fara bayyana a 07/11/2013. Lalle, rauni an sanar da shi 02/21/2014 daga Mateusz Jurczyk and Gynvael Coldwind tare da Google Security Team da avcodec/h264: use subsample factors of the used pixel format da GIT Commit (GIT Repository). Ana samun bayanin tsaro don saukewa a git.videolan.org. Ana kiran wannan rauni da CVE-2014-125006. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Babu wani exploit da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. 0-day ga, an ndiyam a wuro be $0-$5k. Bugfix ɗin an shirya shi don saukewa a git.videolan.org. Ya kamata a yi amfani da patch don magance wannan matsala. An kuma rubuta wannan vulnerability a wasu kundin bayanan vulnerability: X-Force (91657) , Secunia (SA57282). If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 58 Datenpunkte

FurɗeSúgá
03/13/2014 15:24		Gargadi 1/2
04/17/2019 08:15		Gargadi 2/2
06/17/2022 23:21
software_nameFFmpegFFmpegFFmpeg
software_version2.02.02.0
software_filelibavcodec/h264.clibavcodec/h264.clibavcodec/h264.c
software_functionoutput_frameoutput_frameoutput_frame
vulnerability_introductiondate1373500800 (07/11/2013)1373500800 (07/11/2013)1373500800 (07/11/2013)
vulnerability_risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.23.23.2
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.35.35.3
cvss3_meta_tempscore4.64.64.6
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.64.64.6
advisory_date1392940800 (02/21/2014)1392940800 (02/21/2014)1392940800 (02/21/2014)
advisory_locationGIT RepositoryGIT RepositoryGIT Repository
advisory_typeGIT CommitGIT CommitGIT Commit
advisory_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58
advisory_identifieravcodec/h264: use subsample factors of the used pixel formatavcodec/h264: use subsample factors of the used pixel formatavcodec/h264: use subsample factors of the used pixel format
person_nameMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael Coldwind
person_websitehttp://www.google.comhttp://www.google.comhttp://www.google.com
company_nameGoogle Security TeamGoogle Security TeamGoogle Security Team
price_0day$0-$5k$0-$5k$0-$5k
countermeasure_nameKariKariKari
countermeasure_patch_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58
source_xforce916579165791657
source_seealso12582 12583 12586 1258812582 12583 12586 1258812582 12583 12586 12588
cvss2_vuldb_eUUU
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eUUU
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
0day_days225225225
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
software_typeMultimedia Processing SoftwareMultimedia Processing Software
source_secunia5728257282
source_secunia_date1394150400 (03/07/2014)1394150400 (03/07/2014)
secunia_titleFFmpeg Multiple VulnerabilitiesFFmpeg Multiple Vulnerabilities
secunia_riskLess CriticalLess CriticalLess Critical
xforce_titleFFmpeg output_frame() denial of serviceFFmpeg output_frame() denial of service
xforce_identifierffmpeg-outputframe-dosffmpeg-outputframe-dos
xforce_riskMedium RiskMedium RiskMedium Risk
vulnerability_cweCWE-119 (Pufferüberlauf)CWE-119 (Pufferüberlauf)
source_cveCVE-2014-125006
cna_responsibleVulDB

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!