CVE-2014-9604 (GCVE-0-2014-9604)
Vulnerability from cvelistv5 – Published: 2015-01-16 20:00 – Updated: 2024-08-06 13:47
Summary
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2534-1 | vendor-advisory, x_refsource_UBUNTU |
| https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO |
Date Public
2014-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"name": "USN-2534-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"name": "GLSA-201603-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"name": "USN-2534-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"name": "GLSA-201603-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"name": "USN-2534-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9604",
"datePublished": "2015-01-16T20:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-9604",
"date": "2026-05-12",
"epss": "0.00645",
"percentile": "0.70834"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5.1\", \"matchCriteriaId\": \"D3667449-B460-410A-86A1-09B5DDD6A7FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.\"}, {\"lang\": \"es\", \"value\": \"libavcodec/utvideodec.c en FFmpeg anterior a 2.5.2 no comprueba para un valor de cero en la altura de un trozo, lo que permite a atacantes remotos causar una denegaci\\u00f3n de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a trav\\u00e9s de datos de v\\u00eddeo Ut manipulados, relacionado con las funciones (1) restore_median y (2) restore_median_il.\"}]",
"id": "CVE-2014-9604",
"lastModified": "2024-11-21T02:21:13.550",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-01-16T20:59:02.247",
"references": "[{\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2534-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-06\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2534-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9604\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-16T20:59:02.247\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.\"},{\"lang\":\"es\",\"value\":\"libavcodec/utvideodec.c en FFmpeg anterior a 2.5.2 no comprueba para un valor de cero en la altura de un trozo, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a trav\u00e9s de datos de v\u00eddeo Ut manipulados, relacionado con las funciones (1) restore_median y (2) restore_median_il.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.1\",\"matchCriteriaId\":\"D3667449-B460-410A-86A1-09B5DDD6A7FD\"}]}]
},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2534-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201603-06\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2534-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201603-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-FMMW-C889-HG82
Vulnerability from github – Published: 2022-05-17 03:34 – Updated: 2025-04-12 12:44
Details
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
{
"affected": [],
"aliases": [
"CVE-2014-9604"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-01-16T20:59:00Z",
"severity": "HIGH"
},
"details": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"id": "GHSA-fmmw-c889-hg82",
"modified": "2025-04-12T12:44:16Z",
"published": "2022-05-17T03:34:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9604"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2534-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
OPENSUSE-SU-2024:10926-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
libav-tools-12.3-1.17 on GA media
Severity
Moderate
Notes
Title of the patch: libav-tools-12.3-1.17 on GA media
Description of the patch: These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10926
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Threats
Impact
low
Threats
Impact
critical
Threats
Impact
critical
Threats
Impact
critical
Threats
Impact
moderate
Threats
Impact
important
Threats
Impact
important
Threats
Impact
moderate
Threats
Impact
moderate
6.5 (Medium)
Threats
Impact
moderate
8.8 (High)
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libav-tools-12.3-1.17 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10926",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10926-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3946 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6618 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0851 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0852 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0868 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7010 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8544 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9604 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3395 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3417 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5479 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3062 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3062/"
}
],
"title": "libav-tools-12.3-1.17 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10926-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.aarch64",
"product": {
"name": "libav-tools-12.3-1.17.aarch64",
"product_id": "libav-tools-12.3-1.17.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.ppc64le",
"product": {
"name": "libav-tools-12.3-1.17.ppc64le",
"product_id": "libav-tools-12.3-1.17.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.s390x",
"product": {
"name": "libav-tools-12.3-1.17.s390x",
"product_id": "libav-tools-12.3-1.17.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.x86_64",
"product": {
"name": "libav-tools-12.3-1.17.x86_64",
"product_id": "libav-tools-12.3-1.17.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64"
},
"product_reference": "libav-tools-12.3-1.17.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le"
},
"product_reference": "libav-tools-12.3-1.17.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x"
},
"product_reference": "libav-tools-12.3-1.17.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
},
"product_reference": "libav-tools-12.3-1.17.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3946",
"url": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3946"
},
{
"cve": "CVE-2012-6618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"notes": [
{
"category": "general",
"text": "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6618",
"url": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-6618"
},
{
"cve": "CVE-2013-0851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"notes": [
{
"category": "general",
"text": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0851",
"url": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0851"
},
{
"cve": "CVE-2013-0852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"notes": [
{
"category": "general",
"text": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0852",
"url": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0852"
},
{
"cve": "CVE-2013-0868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0868"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) \"len==0 cases.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0868",
"url": "https://www.suse.com/security/cve/CVE-2013-0868"
},
{
"category": "external",
"summary": "SUSE Bug 1189142 for CVE-2013-0868",
"url": "https://bugzilla.suse.com/1189142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0868"
},
{
"cve": "CVE-2013-7010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7010",
"url": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7010"
},
{
"cve": "CVE-2014-8544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8544",
"url": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-8544"
},
{
"cve": "CVE-2014-9604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9604",
"url": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-9604"
},
{
"cve": "CVE-2015-3395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3395"
}
],
"notes": [
{
"category": "general",
"text": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3395",
"url": "https://www.suse.com/security/cve/CVE-2015-3395"
},
{
"category": "external",
"summary": "SUSE Bug 931216 for CVE-2015-3395",
"url": "https://bugzilla.suse.com/931216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3395"
},
{
"cve": "CVE-2015-3417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3417",
"url": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3417"
},
{
"cve": "CVE-2015-5479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5479"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5479",
"url": "https://www.suse.com/security/cve/CVE-2015-5479"
},
{
"category": "external",
"summary": "SUSE Bug 949760 for CVE-2015-5479",
"url": "https://bugzilla.suse.com/949760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-5479"
},
{
"cve": "CVE-2016-3062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3062"
}
],
"notes": [
{
"category": "general",
"text": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3062",
"url": "https://www.suse.com/security/cve/CVE-2016-3062"
},
{
"category": "external",
"summary": "SUSE Bug 984487 for CVE-2016-3062",
"url": "https://bugzilla.suse.com/984487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3062"
}
]
}
GSD-2014-9604
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
Aliases
{
"GSD": {
"alias": "CVE-2014-9604",
"description": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"id": "GSD-2014-9604",
"references": [
"https://www.suse.com/security/cve/CVE-2014-9604.html",
"https://www.debian.org/security/2015/dsa-3189",
"https://advisories.mageia.org/CVE-2014-9604.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-9604"
],
"details": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"id": "GSD-2014-9604",
"modified": "2023-12-13T01:22:48.058173Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"name": "USN-2534-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9604"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f",
"refsource": "CONFIRM",
"tags": [],
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"name": "USN-2534-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-12-03T03:02Z",
"publishedDate": "2015-01-16T20:59Z"
}
}
}
FKIE_CVE-2014-9604
Vulnerability from fkie_nvd - Published: 2015-01-16 20:59 - Updated: 2026-05-06 22:30
Summary
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ffmpeg | ffmpeg | * |
| canonical | ubuntu_linux | 12.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3667449-B460-410A-86A1-09B5DDD6A7FD",
"versionEndIncluding": "2.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions."
},
{
"lang": "es",
"value": "libavcodec/utvideodec.c en FFmpeg anterior a 2.5.2 no comprueba para un valor de cero en la altura de un trozo, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a trav\u00e9s de datos de v\u00eddeo Ut manipulados, relacionado con las funciones (1) restore_median y (2) restore_median_il."
}
],
"id": "CVE-2014-9604",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-16T20:59:02.247",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2534-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201603-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2015-00536
Vulnerability from cnvd - Published: 2015-01-23
Title
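FFmpeg 'libavcodec/utvideodec.c' denial-of-service vulnerability
Description
FFmpeg is a complete solution from the FFmpeg team for recording, converting and streaming audio and video.
A security vulnerability exists in the FFmpeg 'libavcodec/utvideodec.c' file because the program fails to check the height of video slices. A remote attacker can exploit this vulnerability with crafted Ut Video data to cause a denial of service (out-of-bounds array access).
Severity
High
Patch Name
Patch for the FFmpeg 'libavcodec/utvideodec.c' denial-of-service vulnerability
Patch Description
FFmpeg is a complete solution from the FFmpeg team for recording, converting and streaming audio and video.
A security vulnerability exists in the FFmpeg 'libavcodec/utvideodec.c' file because the program fails to check the height of video slices. A remote attacker can exploit this vulnerability with crafted Ut Video data to cause a denial of service (out-of-bounds array access). The vendor has released a security advisory and related patch information that fix this vulnerability.
Formal description
Users can contact the vendor for patch information: https://www.ffmpeg.org/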
Reference
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9604
Impacted products
| Name | FFmpeg Ffmpeg < 2.5.2 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "72272"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2014-9604"
}
},
"description": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFFmpeg \u0027libavcodec/utvideodec.c\u0027\u6587\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u67e5\u89c6\u9891\u622a\u7247\u7684\u9ad8\u5ea6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684Ut Video\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u6570\u7ec4\u8bbf\u95ee\uff09\u3002",
"discovererName": "Mateusz \"j00ru\" Jurczyk, and Gynvael Coldwind",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.ffmpeg.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-00536",
"openTime": "2015-01-23",
"patchDescription": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\nFFmpeg \u0027libavcodec/utvideodec.c\u0027\u6587\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u67e5\u89c6\u9891\u622a\u7247\u7684\u9ad8\u5ea6\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684Ut Video\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u6570\u7ec4\u8bbf\u95ee\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FFmpeg \u0027libavcodec/utvideodec.c\u0027\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "FFmpeg Ffmpeg \u003c 2.5.2"
},
"referenceLink": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9604",
"serverity": "\u9ad8",
"submitTime": "2015-01-22",
"title": "FFmpeg \u0027libavcodec/utvideodec.c\u0027\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.