VDB-12390 · CVE-2014-125012 · XFDB 91255

FFmpeg 2.0 libavcodec/dxtroy.c Kari na aiki

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin FFmpeg 2.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, libavcodec/dxtroy.c na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Kari na aiki. CWE shidin ka a yi bayani matsala sai ya kai CWE-192. Wannan matsala an kawo ta a 07/11/2013. Gaskiya, laifi an fitar da shi 02/16/2014 ta Mateusz Jurczyk and Gynvael Coldwind (j00ru) da Google Security Team a matsayin avcodec/dxtory: fix src size checks a matsayin GIT Commit (GIT Repository). Advisory ɗin ana rabawa don saukewa a git.videolan.org. Wannan rauni ana sayar da shi da suna CVE-2014-125012. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal bayani ga. Ba exploit ɗin da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Kama 0-day, an ndiyam a wuro be $0-$5k. Za a iya sauke maganin matsalar daga git.videolan.org. Ana so a yi patch don gyara wannan matsala. Vulnerability ɗin nan kuma an rubuta shi a wasu kundin bayanan vulnerability: SecurityFocus (BID 65671), X-Force (91255) , Secunia (SA57066). VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Goyarwa · 63 Datenpunkte

Furɗe	Súgá 02/24/2014 08:09	Gargadi 1/2 04/17/2019 07:01	Gargadi 2/2 06/17/2022 23:29
company_name	Google Security Team	Google Security Team	Google Security Team
price_0day	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Kari	Kari	Kari
countermeasure_patch_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9
source_secunia	57066	57066	57066
secunia_title	FFmpeg Multiple Vulnerabilities	FFmpeg Multiple Vulnerabilities	FFmpeg Multiple Vulnerabilities
secunia_risk	Less Critical	Less Critical	Less Critical
source_securityfocus	65671	65671	65671
securityfocus_title	FFmpeg Multiple Security Vulnerabilities	FFmpeg Multiple Security Vulnerabilities	FFmpeg Multiple Security Vulnerabilities
source_xforce	91255	91255	91255
xforce_title	FFmpeg dxtory denial of service	FFmpeg dxtory denial of service	FFmpeg dxtory denial of service
xforce_identifier	ffmpeg-dxtory-dos	ffmpeg-dxtory-dos	ffmpeg-dxtory-dos
xforce_risk	Medium Risk	Medium Risk	Medium Risk
source_seealso	12389 12391 12392 12393	12389 12391 12392 12393	12389 12391 12392 12393
vulnerability_cwe	CWE-192	CWE-192	CWE-192
cvss2_vuldb_e	U	U	U
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	U	U	U
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	220	220	220
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
software_type	Multimedia Processing Software	Multimedia Processing Software	Multimedia Processing Software
software_name	FFmpeg	FFmpeg	FFmpeg
software_version	2.0	2.0	2.0
software_file	libavcodec/dxtroy.c	libavcodec/dxtroy.c	libavcodec/dxtroy.c
software_advisoryquote	Affected functions: dxtory_decode_v1_rgb(), dxtory_decode_v1_410(), dxtory_decode_v1_420() and xtory_decode_v1_444()	Affected functions: dxtory_decode_v1_rgb(), dxtory_decode_v1_410(), dxtory_decode_v1_420() and xtory_decode_v1_444()	Affected functions: dxtory_decode_v1_rgb(), dxtory_decode_v1_410(), dxtory_decode_v1_420() and xtory_decode_v1_444()
vulnerability_introductiondate	1373500800 (07/11/2013)	1373500800 (07/11/2013)	1373500800 (07/11/2013)
vulnerability_risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.2	3.2	3.2
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.6	4.6	4.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.6	4.6	4.6
advisory_date	1392508800 (02/16/2014)	1392508800 (02/16/2014)	1392508800 (02/16/2014)
advisory_location	GIT Repository	GIT Repository	GIT Repository
advisory_type	GIT Commit	GIT Commit	GIT Commit
advisory_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9
advisory_identifier	avcodec/dxtory: fix src size checks	avcodec/dxtory: fix src size checks	avcodec/dxtory: fix src size checks
person_name	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind
person_website	http://www.google.com	http://www.google.com	http://www.google.com
source_secunia_date		1392768000 (02/19/2014)	1392768000 (02/19/2014)
source_securityfocus_date		1392681600 (02/18/2014)	1392681600 (02/18/2014)
securityfocus_class		Boundary Condition Error	Boundary Condition Error
person_nickname		j00ru	j00ru
source_cve			CVE-2014-125012
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!