CVE-2014-125014
Published: 18 June 2022
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(debian: Fixed before re-introduction to Debian as src:ffmpeg)
|
| bionic |
Not vulnerable
(7:3.4.2-2)
|
|
| focal |
Not vulnerable
(7:4.2.2-1ubuntu1)
|
|
| impish |
Not vulnerable
(7:4.2.2-1ubuntu1)
|
|
| jammy |
Not vulnerable
(7:4.4.1-3ubuntu5)
|
|
| xenial |
Not vulnerable
(7:2.8.6-1ubuntu2)
|
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d1e6602665 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |