Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9602

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9602
Last Modified 20 Jan 2015 12:21:43
Published 16 Jan 2015 03:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9602

Summary

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

Vulnerable Systems

Application

  • Ffmpeg 2.5.1


References

CONFIRM - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=93a5a16f136d095d23610f57bdad10ba88120fba


Last Updated: 27 May 2016 11:07:34