CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

Published: Jan 16, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-9604
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
ffmpeg / ffmpeg	-	2.5.1.x
canonical / ubuntu_linux	12.04	12.04.x

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f
http://www.ubuntu.com/usn/USN-2534-1
https://security.gentoo.org/glsa/201603-06

Vulnerability Database

289,697

CVE-2014-9604