CVE-2014-5272 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-5272 PUBLISHED CVSS 6.800000190734863 MEDIUM

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.

EPSS 2.73% · 85.8th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

2.73%

85.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
ffmpeg	ffmpeg	0, 1.1, 1.1.1

Timeline

Nov 3, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

https://www.ffmpeg.org/security.html technical
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abc1fa7c5a1dca1345b9471b81cfcda00c56220d url
GLSA-201603-06 vendor-advisory
[oss-security] 20140816 Re: CVE request: FFmpeg issues mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2014-5272 advisory
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abc1fa7c5a1dca1345b9471b81cfcda00c56220d url

Open in Interactive Console →