Lucene search

K
cve[email protected]CVE-2014-2097
HistoryMar 02, 2014 - 4:57 a.m.

CVE-2014-2097

2014-03-0204:57:25
CWE-20
web.nvd.nist.gov
28
information security
cve-2014-2097
libavcodec
tak_decode_frame
denial of service
out-of-bounds array access
tak
ffmpeg
nvd

8.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.3%

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom’s lossless Audio Kompressor) data.

Affected configurations

NVD
Node
ffmpegffmpegRange≀2.1.3
OR
ffmpegffmpegMatch2.0
OR
ffmpegffmpegMatch2.0.1
OR
ffmpegffmpegMatch2.0.2
OR
ffmpegffmpegMatch2.0.3
OR
ffmpegffmpegMatch2.1
OR
ffmpegffmpegMatch2.1.1
OR
ffmpegffmpegMatch2.1.2

8.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.3%