Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9602


Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9602
Last Modified 20 Jan 2015 12:21:43
Published 16 Jan 2015 03:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

Vulnerable Systems


  • Ffmpeg 2.5.1


CONFIRM -;a=commit;h=93a5a16f136d095d23610f57bdad10ba88120fba

Last Updated: 27 May 2016 11:07:34