Your submission was sent successfully! Close

CVE-2014-9604

Published: 16 January 2015

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist

trusty Does not exist

upstream
Released (7:2.5.1-1)
utopic Does not exist

vivid Not vulnerable
(7:2.5.4-1)
wily Not vulnerable
(7:2.5.4-1)
Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
libav
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (4:0.8.17-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [6:9.18-0ubuntu0.14.04.1])
upstream
Released (0.8.17,11.3,10.6,9.18)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Does not exist