FFmpeg 2.0 libavcodec/dnxhdenc.c dnxhd_init_rc Pufferüberlauf

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin FFmpeg 2.0. Gaskiya, dnxhd_init_rc na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, libavcodec/dnxhdenc.c na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Pufferüberlauf. CWE shidin ka a yi bayani matsala sai ya kai CWE-119. Wannan matsala an kawo ta a 07/11/2013. Gaskiya, laifi an fitar da shi 01/17/2014 ta Mateusz Jurczyk and Gynvael Coldwind da Google Security Team a matsayin dnxhdenc: fix mb_rc size a matsayin GIT Commit (GIT Repository). Advisory ɗin ana rabawa don saukewa a git.videolan.org. Wannan rauni ana sayar da shi da suna CVE-2014-125002. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal bayani ga. Ba exploit ɗin da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Kama 0-day, an ndiyam a wuro be $0-$5k. Bugfix ɗin an shirya shi don saukewa a git.videolan.org. Ana so a yi patch don gyara wannan matsala. Vulnerability ɗin nan kuma an rubuta shi a wasu kundin bayanan vulnerability: X-Force (91661) , Secunia (SA57282). VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Goyarwa · 58 Datenpunkte

FurɗeSúgá
03/13/2014 15:24		Gargadi 1/2
04/17/2019 09:04		Gargadi 2/2
06/17/2022 23:16
advisory_date1389916800 (01/17/2014)1389916800 (01/17/2014)1389916800 (01/17/2014)
advisory_locationGIT RepositoryGIT RepositoryGIT Repository
advisory_typeGIT CommitGIT CommitGIT Commit
advisory_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005bhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005bhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b
advisory_identifierdnxhdenc: fix mb_rc sizednxhdenc: fix mb_rc sizednxhdenc: fix mb_rc size
person_nameMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael ColdwindMateusz Jurczyk/Gynvael Coldwind
person_websitehttp://www.google.comhttp://www.google.comhttp://www.google.com
company_nameGoogle Security TeamGoogle Security TeamGoogle Security Team
price_0day$0-$5k$0-$5k$0-$5k
countermeasure_nameKariKariKari
countermeasure_patch_urlhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005bhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005bhttp://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b
source_xforce916619166191661
source_seealso12582 12583 12584 1258612582 12583 12584 1258612582 12583 12584 12586
cvss2_vuldb_eUUU
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eUUU
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
0day_days190190190
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
software_nameFFmpegFFmpegFFmpeg
software_version2.02.02.0
software_filelibavcodec/dnxhdenc.clibavcodec/dnxhdenc.clibavcodec/dnxhdenc.c
software_functiondnxhd_init_rcdnxhd_init_rcdnxhd_init_rc
vulnerability_introductiondate1373500800 (07/11/2013)1373500800 (07/11/2013)1373500800 (07/11/2013)
vulnerability_risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.23.23.2
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.35.35.3
cvss3_meta_tempscore4.64.64.6
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.64.64.6
source_secunia5728257282
source_secunia_date1394150400 (03/07/2014)1394150400 (03/07/2014)
secunia_titleFFmpeg Multiple VulnerabilitiesFFmpeg Multiple Vulnerabilities
secunia_riskLess CriticalLess CriticalLess Critical
xforce_titleFFmpeg dnxhd_init_rc() denial of serviceFFmpeg dnxhd_init_rc() denial of service
xforce_identifierffmpeg-dnxhdinit-dosffmpeg-dnxhdinit-dos
xforce_riskMedium RiskMedium RiskMedium Risk
vulnerability_cweCWE-119 (Pufferüberlauf)CWE-119 (Pufferüberlauf)
software_typeMultimedia Processing SoftwareMultimedia Processing Software
source_cveCVE-2014-125002
cna_responsibleVulDB

GurɗoGumtiGada

Interested in the pricing of exploits?

See the underground prices here!