CVE-2014-125004

EPSS 0.16%
Veröffentlicht 18.06.2022 07:15:07
Zuletzt bearbeitet 21.11.2024 02:03:33
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.377

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
cna@vuldb.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6ba02602aa7fc7d38db582e75b8b093fb3c1608d

https://vuldb.com/?id.12586

Third Party Advisory

VDB Entry

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2014-125004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-125004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-125004

EUVD