CVE-2014-8545

2014-11-05 12:55:08 2016-12-03 04:01:55

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

FFmpeg 0.4.4 FFmpeg 0.8.0 FFmpeg 0.4.5 FFmpeg 0.8.1 FFmpeg 0.4.6 FFmpeg 0.8.2 FFmpeg 0.4.7 FFmpeg 0.4.0 FFmpeg 0.4.2 FFmpeg 0.4.3 Ffmpeg Ffmpeg 2.2.4 (not an official CPE) FFmpeg FFmpeg 0.9 FFmpeg 0.7 FFmpeg 0.5 Ffmpeg Ffmpeg 1.1.13 (not an official CPE) FFmpeg 0.3 Ffmpeg Ffmpeg 1.1.12 (not an official CPE) FFmpeg 0.6 Ffmpeg Ffmpeg 1.1.10 (not an official CPE) Ffmpeg Ffmpeg 1.1.11 (not an official CPE) FFmpeg 0.10 FFmpeg 0.11 FFmpeg 0.7.11 FFmpeg 0.7.12 FFmpeg 0.7.1 FFmpeg 0.7.2 FFmpeg 0.7.3 FFmpeg 0.7.4 FFmpeg 0.3.1 FFmpeg 0.3.2 FFmpeg 0.3.3 FFmpeg 0.3.4 FFmpeg 2.1.2 FFmpeg 2.1.3 FFmpeg 2.1.4 FFmpeg 1.0 FFmpeg 2.1.1 Ffmpeg Ffmpeg 2.1.5 (not an official CPE) FFmpeg 0.8.5 FFmpeg 0.8.6 FFmpeg 1.1 FFmpeg 0.8.7 FFmpeg 1.2 FFmpeg 0.10.4 FFmpeg 0.10.3 FFmpeg 0.11.4 Ffmpeg Ffmpeg 1.2.5 (not an official CPE) FFmpeg 1.2.1 Ffmpeg Ffmpeg 1.2.6 (not an official CPE) Ffmpeg Ffmpeg 1.2.7 (not an official CPE) Ffmpeg Ffmpeg 1.2.4 (not an official CPE) FFmpeg 0.8.8 Ffmpeg Ffmpeg 1.2.3 (not an official CPE) FFmpeg 0.4.8 FFmpeg 0.6.2 FFmpeg 0.6.3 FFmpeg 0.6.1 FFmpeg 2.0.1 FFmpeg 2.0.3 Ffmpeg Ffmpeg 2.0.4 (not an official CPE) Ffmpeg Ffmpeg 2.0.5 (not an official CPE) Ffmpeg Ffmpeg 2.4.1 (not an official CPE) FFmpeg 2.0.2 FFmpeg 0.7.6 FFmpeg 0.4.9 pre1 FFmpeg 0.7.7 FFmpeg 0.8.5.4 FFmpeg 2.0 FFmpeg 0.7.8 FFmpeg 0.8.5.3 Ffmpeg Ffmpeg 2.3 (not an official CPE) FFmpeg 2.1 Ffmpeg Ffmpeg 2.2 (not an official CPE) FFmpeg 0.11.3 FFmpeg 0.11.2 FFmpeg 0.11.1 FFmpeg 0.5.4.5 FFmpeg 0.5.4.6 Ffmpeg Ffmpeg 2.4 (not an official CPE) FFmpeg 1.0.1 FFmpeg 1.0.2 FFmpeg 1.0.4 FFmpeg 1.0.3 FFmpeg 0.8.10 Ffmpeg Ffmpeg 2.3.3 (not an official CPE) FFmpeg 0.8.11 Ffmpeg Ffmpeg 2.3.4 (not an official CPE) Ffmpeg Ffmpeg 2.3.2 (not an official CPE) FFmpeg 0.5.2 FFmpeg 0.5.1 FFmpeg FFmpeg 0.9.1 FFmpeg 0.5.5 FFmpeg 0.5.4 FFmpeg 0.5.3 FFmpeg 0.7.5 FFmpeg 1.1.1 FFmpeg 1.1.4 FFmpeg 0.7.9 FFmpeg 1.1.3 FFmpeg 1.1.5 FFmpeg 1.1.8 FFmpeg 1.1.7 FFmpeg 1.1.2 Ffmpeg Ffmpeg 1.1.9 (not an official CPE) FFmpeg 1.1.6

Ffmpeg - Ffmpeg

Advisory	Patch	Confirmed	Link
			http://www.ffmpeg.org/security.html
			http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745...
			GLSA-201603-06

Numeric Errors (ID 189)