CVE-2014-2097
Published Mar 2, 2014
Last updated a year ago
Overview
- Description
- The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACEB2D09-F3C6-4BBF-8C6B-48EFE65E1943",
"versionEndIncluding": "2.1.3"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B27C609-E4B4-41CD-B228-38267AA3A8AB"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C97DBEE2-AF4E-4C2D-A185-F2A1B965D9DA"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDEDAA24-D9E0-4384-B193-0C8814E4FDD6"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B70C00A9-3562-45AB-B494-3BA91B6AFC3E"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A30389D2-2873-4F15-B249-066B6D37AC23"
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0487928D-6630-4E23-BBA5-BED0A0F156B1"
}
],
"operator": "OR"
}
]
}
]