CVE-2014-2098

Published Mar 2, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACEB2D09-F3C6-4BBF-8C6B-48EFE65E1943",
            "versionEndIncluding": "2.1.3"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B27C609-E4B4-41CD-B228-38267AA3A8AB"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C97DBEE2-AF4E-4C2D-A185-F2A1B965D9DA"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDEDAA24-D9E0-4384-B193-0C8814E4FDD6"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B70C00A9-3562-45AB-B494-3BA91B6AFC3E"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A30389D2-2873-4F15-B249-066B6D37AC23"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0487928D-6630-4E23-BBA5-BED0A0F156B1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References