Your submission was sent successfully! Close

CVE-2014-4609

Published: 14 January 2020

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
libav
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (4:0.8.13-0ubuntu0.12.04.1 )
trusty Does not exist
(trusty was released [6:9.14-0ubuntu0.14.04.1])
upstream
Released (6:10.2-1)
Patches:
upstream: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996