CVE-2014-9676CVE-2014-9676

Affected configuration(s):

cpe:/a:ffmpeg:ffmpeg:2.1.4

Date published: 2015-02-27T20:59:00.073-05:00

Date last modified: 2016-11-29T21:59:08.390-05:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://seclists.org/oss-sec/2015/q1/38

Summary: The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.