FFmpeg 2.0 libavcodec/vmnc.c decode_hextile buffer overflow

A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function decode_hextile in the file libavcodec/vmnc.c. The manipulation leads to a buffer overflow. Using CWE to describe the problem leads to CWE-119. The issue was introduced on 07/11/2013. The weakness was disclosed on 01/20/2014 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as avcodec/vmnc: Check that rectangles are within the picture, in the form of a GIT Commit (GIT Repository). The advisory is available for download at git.videolan.org. This vulnerability is handled as CVE-2014-125004. It is possible to launch the attack remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k. The vulnerability was handled as a non-public zero-day exploit for at least 193 days. As a 0-day, the estimated underground price was around $0-$5k. The bugfix is available for download at git.videolan.org. It is recommended to apply a patch to fix this issue. The vulnerability is also documented in other vulnerability databases: X-Force (91659), Secunia (SA57282).

3 adaptations · 58 points

| Field | Created 03/13/2014 03:24 PM | Update 1/2 04/17/2019 08:37 AM | Update 2/2 06/17/2022 11:19 PM |
|---|---|---|---|
| software_name | FFmpeg | FFmpeg | FFmpeg |
| software_version | 2.0 | 2.0 | 2.0 |
| software_file | libavcodec/vmnc.c | libavcodec/vmnc.c | libavcodec/vmnc.c |
| software_function | decode_hextile | decode_hextile | decode_hextile |
| vulnerability_introductiondate | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) | 1373500800 (07/11/2013) |
| vulnerability_risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.2 | 3.2 | 3.2 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 4.6 | 4.6 | 4.6 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 4.6 | 4.6 | 4.6 |
| advisory_date | 1390176000 (01/20/2014) | 1390176000 (01/20/2014) | 1390176000 (01/20/2014) |
| advisory_location | GIT Repository | GIT Repository | GIT Repository |
| advisory_type | GIT Commit | GIT Commit | GIT Commit |
| advisory_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d |
| advisory_identifier | avcodec/vmnc: Check that rectangles are within the picture | avcodec/vmnc: Check that rectangles are within the picture | avcodec/vmnc: Check that rectangles are within the picture |
| person_name | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind | Mateusz Jurczyk/Gynvael Coldwind |
| person_website | http://www.google.com | http://www.google.com | http://www.google.com |
| company_name | Google Security Team | Google Security Team | Google Security Team |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| countermeasure_name | Patch | Patch | Patch |
| countermeasure_patch_url | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d |
| source_xforce | 91659 | 91659 | 91659 |
| source_seealso | 12582 12583 12584 12588 | 12582 12583 12584 12588 | 12582 12583 12584 12588 |
| cvss2_vuldb_e | U | U | U |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | U | U | U |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 193 | 193 | 193 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| software_type | | Multimedia Processing Software | Multimedia Processing Software |
| source_secunia | | 57282 | 57282 |
| source_secunia_date | | 1394150400 (03/07/2014) | 1394150400 (03/07/2014) |
| secunia_title | | FFmpeg Multiple Vulnerabilities | FFmpeg Multiple Vulnerabilities |
| secunia_risk | Less Critical | Less Critical | Less Critical |
| xforce_title | | FFmpeg decode_hextile() denial of service | FFmpeg decode_hextile() denial of service |
| xforce_identifier | | ffmpeg-decodehextile-dos | ffmpeg-decodehextile-dos |
| xforce_risk | Medium Risk | Medium Risk | Medium Risk |
| vulnerability_cwe | | CWE-119 (buffer overflow) | CWE-119 (buffer overflow) |
| source_cve | | | CVE-2014-125004 |
| cna_responsible | | | VulDB |
