Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9603


Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9603
Last Modified 20 Jan 2015 12:23:39
Published 16 Jan 2015 03:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

Vulnerable Systems


  • Ffmpeg 2.5.1


CONFIRM -;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd

Last Updated: 27 May 2016 11:07:34