Lucene search

[email protected]CVE-2014-9676

HistoryFeb 28, 2015 - 1:59 a.m.

CVE-2014-9676

2015-02-2801:59:00

[email protected]

web.nvd.nist.gov

cve-2014-9676

libavformat

ffmpeg

denial of service

remote code execution

use after free

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free.

Affected configurations

NVD

Node

ffmpegffmpegRange≤2.1.4

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle2.1.4

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	2.1.4

References

seclists.org/oss-sec/2015/q1/38

security.gentoo.org/glsa/201606-09

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2014-9676

prion1 openvas1 nessus2 debiancve1 ubuntucve1 osv1 cvelist1 nvd1 debian1 gentoo1