Lucene search
MitreCVE-2014-10024HistoryJan 13, 2015 - 11:59 a.m.
CVE-2014-10024
2015-01-1311:59:31
CWE-189
mitre
web.nvd.nist.gov
23
cve-2014-10024
integer signedness errors
directshowdemuxfilter
divx web player
divx player
divx plugins
arbitrary code execution
heap-based buffer overflow
avi file
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8
Confidence
High
EPSS
0.056
Percentile
93.4%
Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.
Affected configurations
Node
divxdirectshowdemuxfilter
divxplayer
ORdivxweb_player
| Vendor | Product | Version | CPE |
|---|---|---|---|
| divx | directshowdemuxfilter | * | cpe:2.3:a:divx:directshowdemuxfilter:*:*:*:*:*:*:*:* |
| divx | player | * | cpe:2.3:a:divx:player:*:*:*:*:*:*:*:* |
| divx | web_player | * | cpe:2.3:a:divx:web_player:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-10024
2015-01-13 11:00:00
nvd
nvd
CVE-2014-10024
2015-01-13 11:59:31
prion
prion
Integer overflow
2015-01-13 11:59:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8
Confidence
High
EPSS
0.056
Percentile
93.4%
Related for CVE-2014-10024