Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-10024


Vulnerability Score 7.5 7.5
CVE Id CVE-2014-10024
Last Modified 13 Jan 2015 07:30:53
Published 13 Jan 2015 06:59:31
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.

Vulnerable Systems


  • Divx Directshowdemuxfilter

  • Divx Player

  • Divx Web Player


BID - 67086

FULLDISC - 20140426 Divx plugin suite heap-based buffer overflow

Last Updated: 27 May 2016 11:07:31