Vulnerability Details : CVE-2014-9319
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-9319
Probability of exploitation activity in the next 30 days: 0.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %
CVSS scores for CVE-2014-9319
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | nvd@nist.gov |
CWE ids for CVE-2014-9319
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9319
- https://security.gentoo.org/glsa/201603-06
  FFmpeg: Multiple vulnerabilities (GLSA 201603-06), Gentoo security
- https://www.ffmpeg.org/security.html
  FFmpeg Security (Vendor Advisory)
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
  git.videolan.org Git - ffmpeg.git/commit
Products affected by CVE-2014-9319
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*