VDB-12585 · CVE-2014-125005 · XFDB 91658

FFmpeg 2.0 mpeg4videodec.c decode_vol_header Pufferüberlauf

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin FFmpeg 2.0. Gaskiya, decode_vol_header na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, libavcodec/mpeg4videodec.c na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Pufferüberlauf. CWE shidin ka a yi bayani matsala sai ya kai CWE-119. Wannan matsala an kawo ta a 07/11/2013. Gaskiya, laifi an fitar da shi 02/20/2014 ta Mateusz Jurczyk and Gynvael Coldwind da Google Security Team a matsayin avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header() a matsayin GIT Commit (GIT Repository). Advisory ɗin ana rabawa don saukewa a git.videolan.org. Wannan rauni ana sayar da shi da suna CVE-2014-125005. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ga. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Kama 0-day, an ndiyam a wuro be $0-$5k. Gyaran matsalar yana nan a shirye don saukewa a git.videolan.org. Ana so a yi patch don gyara wannan matsala. Vulnerability ɗin nan kuma an rubuta shi a wasu kundin bayanan vulnerability: X-Force (91658). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 54 Datenpunkte

Furɗe	Súgá 03/13/2014 15:24	Gargadi 1/2 04/17/2019 08:27	Gargadi 2/2 06/17/2022 23:20
software_name	FFmpeg	FFmpeg	FFmpeg
software_version	2.0	2.0	2.0
software_file	libavcodec/mpeg4videodec.c	libavcodec/mpeg4videodec.c	libavcodec/mpeg4videodec.c
software_function	decode_vol_header	decode_vol_header	decode_vol_header
vulnerability_introductiondate	1373500800 (07/11/2013)	1373500800 (07/11/2013)	1373500800 (07/11/2013)
vulnerability_risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.2	3.2	3.2
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.6	4.6	4.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.6	4.6	4.6
advisory_date	1392854400 (02/20/2014)	1392854400 (02/20/2014)	1392854400 (02/20/2014)
advisory_location	GIT Repository	GIT Repository	GIT Repository
advisory_type	GIT Commit	GIT Commit	GIT Commit
advisory_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a
advisory_identifier	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()
person_name	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind
person_website	http://www.google.com	http://www.google.com	http://www.google.com
company_name	Google Security Team	Google Security Team	Google Security Team
price_0day	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Kari	Kari	Kari
countermeasure_patch_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a
source_xforce	91658	91658	91658
source_seealso	12589 12588 12587 12586 12584 12583 12582	12589 12588 12587 12586 12584 12583 12582	12589 12588 12587 12586 12584 12583 12582
cvss2_vuldb_e	U	U	U
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	U	U	U
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	224	224	224
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
software_type		Multimedia Processing Software	Multimedia Processing Software
xforce_title		FFmpeg decode_vol_header() denial of service	FFmpeg decode_vol_header() denial of service
xforce_identifier		ffmpeg-decodevolheader-dos	ffmpeg-decodevolheader-dos
xforce_risk	Medium Risk	Medium Risk	Medium Risk
vulnerability_cwe		CWE-119 (Pufferüberlauf)	CWE-119 (Pufferüberlauf)
source_cve			CVE-2014-125005
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!