Main Vulnerability Database SB2014110503

SB2014110503 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg

Published: November 5, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014110503

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2014-8545)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

2) Input validation error (CVE-ID: CVE-2014-8546)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.

3) Input validation error (CVE-ID: CVE-2014-8549)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

Remediation

Install update from vendor's website.

SB2014110503 - Multiple vulnerabilities in ffmpeg.sourceforge.net FFmpeg

Breakdown by Severity

Description

Remediation

References