FFmpeg 'libavcodec/iff.c' Memory Corruption Vulnerability

Bugtraq ID:	69252
Class:	Boundary Condition Error
CVE:	CVE-2014-5272
Remote:	Yes
Local:	No
Published:	Aug 11 2014 12:00AM
Updated:	Jul 05 2016 09:43PM
Credit:	Michael Niedermayer
Vulnerable:	Gentoo Linux FFmpeg FFmpeg 0.10.1 FFmpeg FFmpeg 0.9.1 FFmpeg FFmpeg 0.9 FFmpeg FFmpeg 0.8.11 FFmpeg FFmpeg 0.8.7 -r1 FFmpeg FFmpeg 0.8.7 FFmpeg FFmpeg 0.8.6 FFmpeg FFmpeg 0.8.5 FFmpeg FFmpeg 0.8.3 FFmpeg FFmpeg 0.7.7 FFmpeg FFmpeg 0.7.6 FFmpeg FFmpeg 0.7.4 FFmpeg FFmpeg 0.6.1 FFmpeg FFmpeg 0.4.9 20080909 FFmpeg FFmpeg 0.4.9 -pre1 FFmpeg FFmpeg 0.4.9 -0.pre1.5.1.20060 FFmpeg FFmpeg 0.4.9 FFmpeg FFmpeg 0.4.8 FFmpeg FFmpeg 0.4.7 FFmpeg FFmpeg 0.4.6 FFmpeg FFmpeg 0.8.4 FFmpeg FFmpeg 0.8.2 FFmpeg FFmpeg 0.8.1 FFmpeg FFmpeg 0.7.8 FFmpeg FFmpeg 0.7.5 FFmpeg FFmpeg 0.7.3 FFmpeg FFmpeg 0.7.2 FFmpeg FFmpeg 0.7.12 FFmpeg FFmpeg 0.7-rc1 FFmpeg FFmpeg 0.6.3 FFmpeg FFmpeg 0.6 FFmpeg FFmpeg 0.5.4 FFmpeg FFmpeg 0.5.3 FFmpeg FFmpeg 0.5.2 FFmpeg FFmpeg 0.5 FFmpeg FFmpeg 0.49_p20060530 FFmpeg FFmpeg 0.10
Not Vulnerable:

FFmpeg 'libavcodec/iff.c' Memory Corruption Vulnerability

FFmpeg is prone to a memory-corruption vulnerability.

Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

FFmpeg 'libavcodec/iff.c' Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

FFmpeg 'libavcodec/iff.c' Memory Corruption Vulnerability

References:

• avcodec/iff: check pixfmt for rgb8 / rgbn (FFmpeg)
  
• FFmpeg Homepage (FFmpeg)