Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9676

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-9676
Last Modified 02 Mar 2015 03:20:22
Published 27 Feb 2015 08:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9676

Summary

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Vulnerable Systems

Application

  • Ffmpeg 2.1.4


References

MLIST - [oss-security] 20150104 Vulnerability Report - from QIHU 360 China


Last Updated: 27 May 2016 11:07:57