CVE-2014-125017 - Vulnerability Details - OpenCVE

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599
https://vuldb.com/?id.12340

History

Tue, 15 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-18T06:16:08.000Z

Updated: 2025-04-15T14:21:49.414Z

Reserved: 2022-06-17T00:00:00.000Z

Link: CVE-2014-125017

Vulnrichment

Updated: 2024-08-06T14:10:56.533Z

NVD

Status : Modified

Published: 2022-06-18T07:15:08.000

Modified: 2024-11-21T02:03:36.387

Link: CVE-2014-125017

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FFmpeg", "vendor": "unspecified", "versions": [{"status": "affected", "version": "2.0"}]}], "credits": [{"lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-18T06:16:08.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.12340"}], "title": "FFmpeg rpza_decode_stream memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125017", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg rpza_decode_stream memory corruption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FFmpeg", "version": {"version_data": [{"version_value": "2.0"}]}}]}, "vendor_name": ""}]}}, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "7.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Memory Corruption"}]}]}, "references": {"reference_data": [{"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599"}, {"name": "https://vuldb.com/?id.12340", "refsource": "MISC", "url": "https://vuldb.com/?id.12340"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:10:56.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.12340"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T16:57:47.529639Z", "id": "CVE-2014-125017", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:21:49.414Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125017", "datePublished": "2022-06-18T06:16:08.000Z", "dateReserved": "2022-06-17T00:00:00.000Z", "dateUpdated": "2025-04-15T14:21:49.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://vuldb.com/?id.12340", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:10:56.533Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2014-125017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T16:57:47.529639Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:57:49.314Z"}}], "cna": {"title": "FFmpeg rpza_decode_stream memory corruption", "credits": [{"lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "unspecified", "product": "FFmpeg", "versions": [{"status": "affected", "version": "2.0"}]}], "references": [{"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599", "tags": ["x_refsource_MISC"]}, {"url": "https://vuldb.com/?id.12340", "tags": ["x_refsource_MISC"]}], "x_generator": "vuldb.com", "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-06-18T06:16:08.000Z"}, "x_legacyV4Record": {"credit": "Mateusz Jurczyk/Gynvael Coldwind", "impact": {"cvss": {"version": "3.1", "baseScore": "7.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.0"}]}, "product_name": "FFmpeg"}]}, "vendor_name": ""}]}}, "data_type": "CVE", "generator": "vuldb.com", "references": {"reference_data": [{"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599", "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599", "refsource": "MISC"}, {"url": "https://vuldb.com/?id.12340", "name": "https://vuldb.com/?id.12340", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Memory Corruption"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-125017", "STATE": "PUBLIC", "TITLE": "FFmpeg rpza_decode_stream memory corruption", "ASSIGNER": "cna@vuldb.com", "REQUESTER": "cna@vuldb.com"}}}}, "cveMetadata": {"cveId": "CVE-2014-125017", "state": "PUBLISHED", "dateUpdated": "2025-04-15T14:21:49.414Z", "dateReserved": "2022-06-17T00:00:00.000Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-06-18T06:16:08.000Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en FFmpeg versi\u00f3n 2.0. Esta vulnerabilidad afecta a la funci\u00f3n rpza_decode_stream. La manipulaci\u00f3n conlleva a una corrupci\u00f3n de memoria. El ataque puede iniciarse de forma remota. El nombre del parche es Fixes Invalid Writes. Es recomendado aplicar el parche para corregir este problema"}], "id": "CVE-2014-125017", "lastModified": "2024-11-21T02:03:36.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-18T07:15:08.000", "references": [{"source": "cna@vuldb.com", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.12340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.12340"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}