CVE-2014-5272 — Vulnetix

CVE-2014-5272 PUBLISHED CVSS 6.800000190734863 MEDIUM

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.

EPSS 3.79% · 88.3th percentile

Risk Scores

CVSS 2.0

6.800000190734863

EPSS Score

3.79%

88.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
ffmpeg	ffmpeg	0, 1.1, 1.1.1

Exploit Intelligence

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abc1fa7c5a1dca1345b9471b81cfcda00c56220d (circl)
GLSA-201603-06 (circl)
[oss-security] 20140816 Re: CVE request: FFmpeg issues (circl)
https://www.ffmpeg.org/security.html (circl)

Timeline

Nov 3, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

https://www.ffmpeg.org/security.html technical
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abc1fa7c5a1dca1345b9471b81cfcda00c56220d url
GLSA-201603-06 vendor-advisory
[oss-security] 20140816 Re: CVE request: FFmpeg issues mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2014-5272 advisory
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abc1fa7c5a1dca1345b9471b81cfcda00c56220d url

Open in Interactive Console →