CVE-2014-9318
Gentoo Linux Security Advisory 201603-06
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
La función raw_decode en libavcodec/rawdec.c en FFMpeg anterior a 2.1.6, 2.2.x hasta 2.3.x, y 2.4.x anterior a 2.4.4 permite a atacantes remotos causar una denegación de servicio (acceso a memoria dinámica fuera de rango) y posiblemente tener otro impacto no especificado a través de un fichero .cine manipulado que provoca que la función avpicture_get_size devuelve un tamaño de frame negativo.
Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. Versions less than 2.6.3 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-12-07 CVE Reserved
- 2014-12-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1d3a3b9f8907625b361420d48fe05716859620ff | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201603-06 | 2023-11-07 | |
| https://www.ffmpeg.org/security.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | <= 2.1.5 Search vendor "Ffmpeg" for product "Ffmpeg" and version " <= 2.1.5" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.2.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.2.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.3.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.3.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.3.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.3.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.3.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.3.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.3.5 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.3.5" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.4.1 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.4.1" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.4.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.4.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 2.4.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "2.4.3" | - |
Affected
| ||||||