Lucene search

[email protected]NVD:CVE-2014-10024

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-10024

2015-01-1311:59:31

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.056

Percentile

93.4%

JSON

Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

divxdirectshowdemuxfilter

AND

divxplayer

divxweb_player

VendorProductVersionCPE
divxdirectshowdemuxfilter*cpe:2.3:a:divx:directshowdemuxfilter:*:*:*:*:*:*:*:*
divxplayer*cpe:2.3:a:divx:player:*:*:*:*:*:*:*:*
divxweb_player*cpe:2.3:a:divx:web_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
divx	directshowdemuxfilter	*	cpe:2.3:a:divx:directshowdemuxfilter::::::::
divx	player	*	cpe:2.3:a:divx:player::::::::
divx	web_player	*	cpe:2.3:a:divx:web_player::::::::

References

seclists.org/fulldisclosure/2014/Apr/283

www.securityfocus.com/bid/67086

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.056

Percentile

93.4%

JSON

Related for NVD:CVE-2014-10024

cvelist1 prion1 cve1