FFmpeg 2.0 read_var_block_data buffer overflow

A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to a buffer overflow. Using CWE to declare the problem leads to CWE-119. The bug was introduced on 07/11/2013. The weakness was released on 02/15/2014 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as avcodec/alsdec: check predictor order against block length as a GIT Commit (GIT Repository). The advisory is shared for download at git.videolan.org. This vulnerability is identified as CVE-2014-125015. The attack can be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. As a 0-day, the estimated price was around $0-$5k. The patch can be downloaded from git.videolan.org. It is recommended to apply a patch to fix this issue. The vulnerability is also documented in other vulnerability databases: X-Force (91210), Secunia (SA56987).

3 changes · 57 data points

| Field | Created 02/22/2014 20:06 | Update 1/2 04/17/2019 06:42 | Update 2/2 06/17/2022 23:30 |
| --- | --- | --- | --- |
| advisory_date | 1392422400 (02/15/2014) | 1392422400 (02/15/2014) | 1392422400 (02/15/2014) |
| advisory_location | GIT Repository | GIT Repository | GIT Repository |
| advisory_type | GIT Commit | GIT Commit | GIT Commit |
| advisory_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af |
| advisory_identifier | avcodec/alsdec: check predictor order against block length | avcodec/alsdec: check predictor order against block length | avcodec/alsdec: check predictor order against block length |
| person_name | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind |
| person_website | http://www.google.com | http://www.google.com | http://www.google.com |
| company_name | Google Security Team | Google Security Team | Google Security Team |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| countermeasure_name | Patch | Patch | Patch |
| countermeasure_patch_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af |
| source_secunia | 56987 | 56987 | 56987 |
| secunia_title | FFmpeg Multiple Vulnerabilities | FFmpeg Multiple Vulnerabilities | FFmpeg Multiple Vulnerabilities |
| secunia_risk | Moderately Critical | Moderately Critical | Moderately Critical |
| source_xforce | 91210 | 91210 | 91210 |
| xforce_title | FFmpeg read_var_block_data() buffer overflow | FFmpeg read_var_block_data() buffer overflow | FFmpeg read_var_block_data() buffer overflow |
| xforce_identifier | ffmpeg-readvarblockdata-bo | ffmpeg-readvarblockdata-bo | ffmpeg-readvarblockdata-bo |
| xforce_risk | Medium Risk | Medium Risk | Medium Risk |
| source_seealso | 12365 12367 | 12365 12367 | 12365 12367 |
| vulnerability_cwe | CWE-119 (buffer overflow) | CWE-119 (buffer overflow) | CWE-119 (buffer overflow) |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss2_vuldb_e | U | U | U |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | U | U | U |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 219 | 219 | 219 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| software_type | Multimedia Processing Software | Multimedia Processing Software | Multimedia Processing Software |
| software_name | FFmpeg | FFmpeg | FFmpeg |
| software_version | 2.0 | 2.0 | 2.0 |
| software_function | read_var_block_data | read_var_block_data | read_var_block_data |
| vulnerability_introductiondate | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) |
| vulnerability_risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_meta_tempscore | 6.4 | 6.4 | 6.4 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 6.4 | 6.4 | 6.4 |
| source_secunia_date | | 1392681600 (02/18/2014) | 1392681600 (02/18/2014) |
| source_cve | | | CVE-2014-125015 |
| cna_responsible | | | VulDB |
