5.5
CVE-2015-1208
- EPSS 1.49%
- Veröffentlicht 09.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:24:53
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.706 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3ebd76a9c57558e284e94da367dd23b435e6a6d0
https://bugs.chromium.org/p/chromium/issues/detail?id=444546
https://github.com/FFmpeg/FFmpeg/blob/n2.4.6/Changelog