Vulnerability Details : CVE-2014-125010
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2014-125010
- cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-125010
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-125010
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
VulDB | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2014-125010
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: cna@vuldb.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-125010
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91253839e14cce9793ee93f184cef609ca8195d5
git.videolan.org Git - ffmpeg.git/commitPatch;Third Party Advisory
-
https://vuldb.com/?id.12392
CVE-2014-125010 | FFmpeg h64.c decode_slice_header memory corruption (BID-65671 / XFDB-91257)Third Party Advisory;VDB Entry
Jump to