Lucene search

MitreCVE-2014-9449

HistoryJan 02, 2015 - 8:59 p.m.

CVE-2014-9449

2015-01-0220:59:08

CWE-119

mitre

web.nvd.nist.gov

cve-2014-9449

buffer overflow

riffvideo

infotagshandler

exiv2 0.24

denial of service

avi file

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.028

Percentile

90.9%

JSON

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Affected configurations

Nvd

Node

exiv2exiv2Match0.24

Node

fedoraprojectfedoraMatch21

VendorProductVersionCPE
exiv2exiv20.24cpe:2.3:a:exiv2:exiv2:0.24:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exiv2	exiv2	0.24	cpe:2.3:a:exiv2:exiv2:0.24:::::::*
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*

References

dev.exiv2.org/issues/960

dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263

lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html

secunia.com/advisories/61801

www.securityfocus.com/bid/71912

www.ubuntu.com/usn/USN-2454-1

security.gentoo.org/glsa/201507-03

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.028

Percentile

90.9%

JSON

Related for CVE-2014-9449