Gaskiya vulnerability da aka ware a matsayin karshewa an samu a FFmpeg 2.0. Hakika, aikin decode_hextile ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil libavcodec/vmnc.c, a cikin sashen $software_component. A sa manipulation ka Pufferüberlauf. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-119. An gabatar da wannan matsala a 07/11/2013. Hakika, rauni an bayyana shi 01/20/2014 daga Mateusz Jurczyk and Gynvael Coldwind tare da Google Security Team kamar avcodec/vmnc: Check that rectangles are within the picture kamar GIT Commit (GIT Repository). An raba bayanin tsaro don saukewa a git.videolan.org. Wannan matsala ana saninta da CVE-2014-125004. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal faɗi ga. Babu exploit ɗin da ake samu. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. 0-day shima, an ndiyam a wuro be $0-$5k. Za a iya sauke maganin matsalar daga git.videolan.org. Ana shawartar a saka patch domin warware wannan matsala. Wannan vulnerability an kuma samu a wasu kundin bayanan vulnerability: X-Force (91659) , Secunia (SA57282). Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 58 Datenpunkte