Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2014-2299
Last Modified 15 May 2015 10:01:09
Published 11 Mar 2014 09:01:10
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2299

Summary

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

Vulnerable Systems

Application

  • Wireshark 1.10.0

  • Wireshark 1.10.1

  • Wireshark 1.10.2

  • Wireshark 1.10.3

  • Wireshark 1.10.4

  • Wireshark 1.10.5

  • Wireshark 1.8.0

  • Wireshark 1.8.1

  • Wireshark 1.8.10

  • Wireshark 1.8.11

  • Wireshark 1.8.12

  • Wireshark 1.8.2

  • Wireshark 1.8.3

  • Wireshark 1.8.4

  • Wireshark 1.8.5

  • Wireshark 1.8.6

  • Wireshark 1.8.7

  • Wireshark 1.8.8

  • Wireshark 1.8.9


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2014-04.html

DEBIAN - DSA-2871

SUSE - openSUSE-SU-2014:0383

SUSE - openSUSE-SU-2014:0382

SECUNIA - 57489

SECUNIA - 57480

REDHAT - RHSA-2014:0342

REDHAT - RHSA-2014:0341

EXPLOIT-DB - 33069

MISC - http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html

OSVDB - 104199

SECTRACK - 1029907

BID - 66066


Last Updated: 27 May 2016 11:05:02