VDB-12389 · CVE-2014-125013 · XFDB 91254

FFmpeg 2.0 libavcodec/msrle.c msrle_decode_frame Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a FFmpeg 2.0. Tabbas, aikin msrle_decode_frame ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil libavcodec/msrle.c, a cikin sashi $software_component. Wuro manipulation ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-119. Matsalar nan ta fara bayyana a 07/11/2013. Lalle, rauni an sanar da shi 02/16/2014 daga Mateusz Jurczyk and Gynvael Coldwind (j00ru) tare da Google Security Team da avcodec/msrle: use av_image_get_linesize() to calculate the linesize da GIT Commit (GIT Repository). Ana samun bayanin tsaro don saukewa a git.videolan.org. Ana kiran wannan rauni da CVE-2014-125013. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Babu wani exploit da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. 0-day ga, an ndiyam a wuro be $0-$5k. Gyaran matsalar yana nan a shirye don saukewa a git.videolan.org. Ya kamata a yi amfani da patch don magance wannan matsala. An kuma rubuta wannan vulnerability a wasu kundin bayanan vulnerability: SecurityFocus (BID 65671), X-Force (91254) , Secunia (SA57066). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 63 Datenpunkte

Furɗe	Súgá 02/24/2014 08:05	Gargadi 1/2 04/17/2019 06:55	Gargadi 2/2 06/17/2022 23:29
software_type	Multimedia Processing Software	Multimedia Processing Software	Multimedia Processing Software
software_name	FFmpeg	FFmpeg	FFmpeg
software_version	2.0	2.0	2.0
software_file	libavcodec/msrle.c	libavcodec/msrle.c	libavcodec/msrle.c
software_function	msrle_decode_frame	msrle_decode_frame	msrle_decode_frame
vulnerability_introductiondate	1373500800 (07/11/2013)	1373500800 (07/11/2013)	1373500800 (07/11/2013)
vulnerability_risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.2	3.2	3.2
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.6	4.6	4.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.6	4.6	4.6
advisory_date	1392508800 (02/16/2014)	1392508800 (02/16/2014)	1392508800 (02/16/2014)
advisory_location	GIT Repository	GIT Repository	GIT Repository
advisory_type	GIT Commit	GIT Commit	GIT Commit
advisory_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2
advisory_identifier	avcodec/msrle: use av_image_get_linesize() to calculate the linesize	avcodec/msrle: use av_image_get_linesize() to calculate the linesize	avcodec/msrle: use av_image_get_linesize() to calculate the linesize
person_name	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind
person_website	http://www.google.com	http://www.google.com	http://www.google.com
company_name	Google Security Team	Google Security Team	Google Security Team
price_0day	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Kari	Kari	Kari
countermeasure_patch_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2
source_secunia	57066	57066	57066
secunia_title	FFmpeg Multiple Vulnerabilities	FFmpeg Multiple Vulnerabilities	FFmpeg Multiple Vulnerabilities
secunia_risk	Less Critical	Less Critical	Less Critical
source_securityfocus	65671	65671	65671
securityfocus_title	FFmpeg Multiple Security Vulnerabilities	FFmpeg Multiple Security Vulnerabilities	FFmpeg Multiple Security Vulnerabilities
source_xforce	91254	91254	91254
xforce_title	FFmpeg msrle_decode_frame() denial of service	FFmpeg msrle_decode_frame() denial of service	FFmpeg msrle_decode_frame() denial of service
xforce_identifier	ffmpeg-msrledecodeframe-dos	ffmpeg-msrledecodeframe-dos	ffmpeg-msrledecodeframe-dos
xforce_risk	Medium Risk	Medium Risk	Medium Risk
source_seealso	12390 12391 12392 12393 12591	12390 12391 12392 12393 12591	12390 12391 12392 12393 12591
vulnerability_cwe	CWE-119 (Pufferüberlauf)	CWE-119 (Pufferüberlauf)	CWE-119 (Pufferüberlauf)
cvss2_vuldb_e	U	U	U
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	U	U	U
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	220	220	220
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
person_nickname		j00ru	j00ru
source_secunia_date		1392768000 (02/19/2014)	1392768000 (02/19/2014)
source_securityfocus_date		1392681600 (02/18/2014)	1392681600 (02/18/2014)
securityfocus_class		Boundary Condition Error	Boundary Condition Error
source_cve			CVE-2014-125013
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!