VDB-12302 · CVE-2014-125024 · XFDB 91082

FFmpeg 2.0 lag_decode_frame memory corruption

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. Using CWE to declare the problem leads to CWE-119. The issue has been introduced in 07/11/2013. The weakness was disclosed 02/06/2014 as lagarith: reallocate rgb_planes when needed as GIT Commit (GIT Repository). The advisory is available at git.videolan.org. This vulnerability is handled as CVE-2014-125024. The attack may be launched remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The vulnerability was handled as a non-public zero-day exploit for at least 210 days. As 0-day the estimated underground price was around $0-$5k. The bugfix is ready for download at git.videolan.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: X-Force (91082) and Secunia (SA56838).

Field	02/14/2014 09:18	04/16/2019 11:36	06/18/2022 08:28
name	FFmpeg	FFmpeg	FFmpeg
version	2.0	2.0	2.0
function	lag_decode_frame	lag_decode_frame	lag_decode_frame
introductiondate	1373500800	1373500800	1373500800
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	5.0	5.0	5.0
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.4	6.4	6.4
date	1391644800 (02/06/2014)	1391644800 (02/06/2014)	1391644800 (02/06/2014)
location	GIT Repository	GIT Repository	GIT Repository
type	GIT Commit	GIT Commit	GIT Commit
url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee
identifier	lagarith: reallocate rgb_planes when needed	lagarith: reallocate rgb_planes when needed	lagarith: reallocate rgb_planes when needed
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Patch	Patch	Patch
date	1391644800 (02/06/2014)	1391644800 (02/06/2014)	1391644800 (02/06/2014)
patch_url	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee
xforce	91082	91082	91082
seealso	12293 12294 12295 12296 12297 12298 12299 12300 12301 12303	12293 12294 12295 12296 12297 12298 12299 12300 12301 12303	12293 12294 12295 12296 12297 12298 12299 12300 12301 12303
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss2_vuldb_e	U	U	U
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	U	U	U
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	210	210	210
cvss3_vuldb_av	N	N	N
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
type		Multimedia Processing Software	Multimedia Processing Software
secunia		56838	56838
secunia_title		FFmpeg Multiple Vulnerabilities	FFmpeg Multiple Vulnerabilities
secunia_risk	Moderately Critical	Moderately Critical	Moderately Critical
xforce_title		FFmpeg lag_decode_frame() code execution	FFmpeg lag_decode_frame() code execution
xforce_identifier		ffmpeg-lagdecodeframe-code-exec	ffmpeg-lagdecodeframe-code-exec
xforce_risk	Medium Risk	Medium Risk	Medium Risk
cwe	0	119 (memory corruption)	119 (memory corruption)
cve			CVE-2014-125024
responsible			VulDB

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!