FFmpeg 2.0 libavcodec/jpeg2000dec.c get_siz Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a FFmpeg 2.0. Tabbas, aikin get_siz ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil libavcodec/jpeg2000dec.c, a cikin sashi $software_component. Wuro manipulation ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-119. Matsalar nan ta fara bayyana a 07/11/2013. Lalle, rauni an sanar da shi 01/20/2014 daga Mateusz Jurczyk and Gynvael Coldwind tare da Google Security Team da avcodec/jpeg2000dec: fix error detection in pix_fmt_match() da GIT Commit (GIT Repository). Ana samun bayanin tsaro don saukewa a git.videolan.org. Ana kiran wannan rauni da CVE-2014-125003. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ga. Babu wani exploit da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. 0-day ga, an ndiyam a wuro be $0-$5k. An tanadi gyaran matsalar don saukewa a git.videolan.org. Ya kamata a yi amfani da patch don magance wannan matsala. An kuma rubuta wannan vulnerability a wasu kundin bayanan vulnerability: X-Force (91660). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 54 Datenpunkte

FurɗeSúgá
03/13/2014 15:24		Gargadi 1/2
04/17/2019 08:52		Gargadi 2/2
06/17/2022 23:18
software_nameFFmpegFFmpegFFmpeg
software_version2.02.02.0
software_filelibavcodec/jpeg2000dec.clibavcodec/jpeg2000dec.clibavcodec/jpeg2000dec.c
software_functionget_sizget_sizget_siz
vulnerability_introductiondate1373500800 (07/11/2013)1373500800 (07/11/2013)1373500800 (07/11/2013)
vulnerability_risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.23.23.2
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.35.35.3
cvss3_meta_tempscore4.64.64.6
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.64.64.6
advisory_date1390176000 (01/20/2014)1390176000 (01/20/2014)1390176000 (01/20/2014)
advisory_locationGIT RepositoryGIT RepositoryGIT Repository
advisory_typeGIT CommitGIT CommitGIT Commit
advisory_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513chttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513chttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c
advisory_identifieravcodec/jpeg2000dec: fix error detection in pix_fmt_match()avcodec/jpeg2000dec: fix error detection in pix_fmt_match()avcodec/jpeg2000dec: fix error detection in pix_fmt_match()
person_nameMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael Coldwind
person_websitehttp://www.google.comhttp://www.google.comhttp://www.google.com
company_nameGoogle Security TeamGoogle Security TeamGoogle Security Team
price_0day$0-$5k$0-$5k$0-$5k
countermeasure_nameKariKariKari
countermeasure_patch_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513chttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513chttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c
source_xforce916609166091660
source_seealso12591 12590 12589 12588 12586 12585 12584 1258312591 12590 12589 12588 12586 12585 12584 1258312591 12590 12589 12588 12586 12585 12584 12583
cvss2_vuldb_eUUU
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eUUU
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
0day_days193193193
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
software_typeMultimedia Processing SoftwareMultimedia Processing Software
xforce_titleFFmpeg get_siz() function denial of serviceFFmpeg get_siz() function denial of service
xforce_identifierffmpeg-getsiz-function-dosffmpeg-getsiz-function-dos
xforce_riskMedium RiskMedium RiskMedium Risk
vulnerability_cweCWE-119 (Pufferüberlauf)CWE-119 (Pufferüberlauf)
source_cveCVE-2014-125003
cna_responsibleVulDB

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!