CVE-2014-5271

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
ffmpegffmpeg
𝑥
≤ 1.1.13
ffmpegffmpeg
1.1
ffmpegffmpeg
1.1.1
ffmpegffmpeg
1.1.2
ffmpegffmpeg
1.1.3
ffmpegffmpeg
1.1.4
ffmpegffmpeg
1.1.5
ffmpegffmpeg
1.1.6
ffmpegffmpeg
1.1.7
ffmpegffmpeg
1.1.8
ffmpegffmpeg
1.1.9
ffmpegffmpeg
1.1.10
ffmpegffmpeg
1.1.11
ffmpegffmpeg
1.1.12
ffmpegffmpeg
1.2
ffmpegffmpeg
1.2.1
ffmpegffmpeg
1.2.3
ffmpegffmpeg
1.2.4
ffmpegffmpeg
1.2.5
ffmpegffmpeg
1.2.6
ffmpegffmpeg
1.2.7
ffmpegffmpeg
2.0
ffmpegffmpeg
2.0.1
ffmpegffmpeg
2.0.2
ffmpegffmpeg
2.0.3
ffmpegffmpeg
2.0.4
ffmpegffmpeg
2.0.5
ffmpegffmpeg
2.1
ffmpegffmpeg
2.1.1
ffmpegffmpeg
2.1.2
ffmpegffmpeg
2.1.3
ffmpegffmpeg
2.1.4
ffmpegffmpeg
2.1.5
ffmpegffmpeg
2.2
ffmpegffmpeg
2.2.4
ffmpegffmpeg
2.3
ffmpegffmpeg
2.3.2
libavlibav
𝑥
≤ 10.4
libavlibav
0.5
libavlibav
0.5.1
libavlibav
0.5.2
libavlibav
0.5.3
libavlibav
0.5.4
libavlibav
0.5.5
libavlibav
0.5.6
libavlibav
0.5.7
libavlibav
0.5.8
libavlibav
0.6
libavlibav
0.6.1
libavlibav
0.6.2
libavlibav
0.6.3
libavlibav
0.6.4
libavlibav
0.6.5
libavlibav
0.7
libavlibav
0.7:beta1
libavlibav
0.7:beta2
libavlibav
0.7.1
libavlibav
0.7.2
libavlibav
0.7.3
libavlibav
0.7.4
libavlibav
0.7.5
libavlibav
0.7.6
libavlibav
0.8
libavlibav
0.8:beta2
libavlibav
0.8.1
libavlibav
0.8.2
libavlibav
0.8.3
libavlibav
0.8.4
libavlibav
0.8.5
libavlibav
0.8.6
libavlibav
0.8.7
libavlibav
0.8.8
libavlibav
0.8.9
libavlibav
0.8.10
libavlibav
0.8.11
libavlibav
0.8.12
libavlibav
10.1
libavlibav
10.2
libavlibav
10.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
wheezy
not-affected
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Common Weakness Enumeration
References
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=52b81ff4635c077b2bc8b8d3637d933b6629d803
http://www.osvdb.org/111725
http://www.securityfocus.com/bid/69250
https://security.gentoo.org/glsa/201603-06
https://www.ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=52b81ff4635c077b2bc8b8d3637d933b6629d803
http://www.osvdb.org/111725
http://www.securityfocus.com/bid/69250
https://security.gentoo.org/glsa/201603-06
https://www.ffmpeg.org/security.html