CVE-2014-4609

Published: 14 January 2020

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
libav Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (4:0.8.13-0ubuntu0.12.04.1 )
	trusty	Does not exist (trusty was released [6:9.14-0ubuntu0.14.04.1])
	upstream	Released (6:10.2-1)
	Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4609
http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
https://ubuntu.com/security/notices/USN-2277-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-4609

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading