CVE-2014-9317

Published Dec 9, 2014

Last updated a year ago

CVSS info 7.5

Overview

Description: The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DD2B585-5D64-46DE-ACB0-214E146A3C48",
            "versionEndIncluding": "2.1.5"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B08A7BE-7C98-4659-808F-86A8EB4676D2"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE9CF7C7-3730-43EC-B63E-B004D979E57A"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207DF654-326E-43A9-A5EC-BC239BF30422"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B50AB2A-FA23-4BB0-AA21-724E770ADEFB"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94BC4C82-371C-4B80-A615-AE0F15F1D6CA"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0E114D7-1323-4965-9680-8638ACDFF20B"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7BBF39F-668E-4771-99A0-F008B18B03F5"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3E41754-D2AB-4DE1-9ED9-A88F5E28ABFF"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14D1738D-D85A-4650-9DAB-C626E7F52812"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A91B8DD5-FB80-47E7-8AF3-57D72CD4D034"
          },
          {
            "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1ADB969-FA62-4238-83DF-D5703603A9FE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References