History: Feb 28, 2015 - 12:00 a.m.

CVE-2014-9676

2015-02-28 00:00:00
ubuntu.com

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009
Percentile: 82.4%

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and
earlier does not free the correct memory location, which allows remote
attackers to cause a denial of service (“invalid memory handler”) and
possibly execute arbitrary code via a crafted video that triggers a use
after free.

Notes

Author: tyhicks
Note: from what I can tell, libav 9.0 to 11.1 is affected with upstream git commit eb447d515956b3ce182d9750083131735f00324c introducing the issue

OS      Version  Architecture  Package  Version                          Filename
ubuntu  14.04    noarch        libav    < 6:9.20-0ubuntu0.14.04.1+esm1   UNKNOWN
