CVE-2014-2263 - Vulnerability Details - OpenCVE

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

OR	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg:2.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:::::::*

No data.

References

Link	Providers
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc
http://secunia.com/advisories/56971
http://www.securityfocus.com/bid/65560
http://www.securitytracker.com/id/1029850
https://exchange.xforce.ibmcloud.com/vulnerabilities/91174
https://security.gentoo.org/glsa/201603-06

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-28T18:00:00

Updated: 2024-08-06T10:06:00.191Z

Reserved: 2014-02-28T00:00:00

Link: CVE-2014-2263

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-03-01T00:55:05.657

Modified: 2024-11-21T02:05:57.660

Link: CVE-2014-2263

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"name": "56971", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65560"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc"}, {"name": "56971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65560"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:06:00.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"name": "56971", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65560"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2263", "datePublished": "2014-02-28T18:00:00", "dateReserved": "2014-02-28T00:00:00", "dateUpdated": "2024-08-06T10:06:00.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD553751-5763-4FD5-820A-2364512E8E78", "versionEndIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B27C609-E4B4-41CD-B228-38267AA3A8AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C97DBEE2-AF4E-4C2D-A185-F2A1B965D9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDEDAA24-D9E0-4384-B193-0C8814E4FDD6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}, {"lang": "es", "value": "La funci\u00f3n mpegts_write_pmt en el muxer (libavformat/mpegtsenc.c) del flujo de transporte MPEG2 (tambi\u00e9n conocido como DVB) en FFmpeg, posiblemente 2.1 y anteriores, permite a atacantes remotos tener impacto y vectores no especificados, lo que provoca una escritura fuera de limites."}], "id": "CVE-2014-2263", "lastModified": "2024-11-21T02:05:57.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-01T00:55:05.657", "references": [{"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56971"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65560"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029850"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-06"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}