VDB-12585 · CVE-2014-125005 · XFDB 91658

FFmpeg 2.0 mpeg4videodec.c decode_vol_header ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu FFmpeg 2.0 keessatti argameera. Kan miidhamte is hojii decode_vol_header faayilii libavcodec/mpeg4videodec.c keessa. Hojii jijjiirraa gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-119 geessa. Rakkoon kun 07/11/2013 keessatti dhihaateera. Dadhabbii kana yeroo 02/20/2014 maxxanfameera kan maxxansiise Mateusz Jurczyk and Gynvael Coldwind waliin Google Security Team akka avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header() akka GIT Commit (GIT Repository). Odeeffannoon kun buufachuuf git.videolan.org irratti qoodameera. Dogoggorri kun akka CVE-2014-125005tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Hanqinni kun guyyoota 224 caalaa akka zero-day kan ummataaf hin ifneetti fayyadamee ture. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Sirreeffamni rakkoo git.videolan.org irratti buufachuuf qophaa’eera. Paachii itti fayyadamuun rakkoo kana furuuf ni gorfama. Hanqinni kunis bu'uuraalee odeeffannoo hanqina biroo keessatti galmaa'ee jira: X-Force (91658). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 54 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 03/13/2014 03:24 PM	ଅଦ୍ୟତନ 1/2 04/17/2019 08:27 AM	ଅଦ୍ୟତନ 2/2 06/17/2022 11:20 PM
software_name	FFmpeg	FFmpeg	FFmpeg
software_version	2.0	2.0	2.0
software_file	libavcodec/mpeg4videodec.c	libavcodec/mpeg4videodec.c	libavcodec/mpeg4videodec.c
software_function	decode_vol_header	decode_vol_header	decode_vol_header
vulnerability_introductiondate	1373500800 (07/11/2013)	1373500800 (07/11/2013)	1373500800 (07/11/2013)
vulnerability_risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.2	3.2	3.2
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.6	4.6	4.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.6	4.6	4.6
advisory_date	1392854400 (02/20/2014)	1392854400 (02/20/2014)	1392854400 (02/20/2014)
advisory_location	GIT Repository	GIT Repository	GIT Repository
advisory_type	GIT Commit	GIT Commit	GIT Commit
advisory_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a
advisory_identifier	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()
person_name	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind	Mateusz Jurczyk/Gynvael Coldwind
person_website	http://www.google.com	http://www.google.com	http://www.google.com
company_name	Google Security Team	Google Security Team	Google Security Team
price_0day	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍
countermeasure_patch_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a
source_xforce	91658	91658	91658
source_seealso	12589 12588 12587 12586 12584 12583 12582	12589 12588 12587 12586 12584 12583 12582	12589 12588 12587 12586 12584 12583 12582
cvss2_vuldb_e	U	U	U
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	U	U	U
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	224	224	224
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
software_type		Multimedia Processing Software	Multimedia Processing Software
xforce_title		FFmpeg decode_vol_header() denial of service	FFmpeg decode_vol_header() denial of service
xforce_identifier		ffmpeg-decodevolheader-dos	ffmpeg-decodevolheader-dos
xforce_risk	Medium Risk	Medium Risk	Medium Risk
vulnerability_cwe		CWE-119 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-119 (ବଫର୍ ଓଭରଫ୍ଲୋ)
source_cve			CVE-2014-125005
cna_responsible			VulDB

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!