EUVD-2014-2137

Malware in sbrugna...

FFmpeg及Libav 'tak_decode_frame()' 函数越界拒绝服务漏洞

BUGTRAQ ID: 66055 CVECAN ID: CVE-2014-2097 FFmpeg是一个免费的可以执行音讯和视讯多种格式的录影、转档、串流功能的软件。 FFmpeg及Libav 2.1.4之前版本libavcodec/takdec.c内的takdecodeframe函数没有正确验证某个bits-per-sample值，这可使远程攻击者通过特制的TAK数据，利用此漏洞造成拒绝服务（越界数组访问）。 0 FFmpeg FFmpeg 2.1.4 厂商补丁： FFmpeg ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2014-2097

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

CVE-2014-2097

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

CVE-2014-2097

CVE-2014-2097 affects FFmpeg’s tak_decode_frame in libavcodec/takdec.c, where insufficient validation of bits-per-sample enables remote attackers to trigger a denial of service via crafted TAK data (out-of-bounds access). The Initial Description confirms the vulnerability and its impact. Connecte...