CVE-2014-125011 - Vulnerability Details - OpenCVE

Description

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

Published: 2022-06-18

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unspecified

FFmpeg

affected

Version	Status	Constraints
`2.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2014-1185	A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f
https://vuldb.com/?id.12391

History

No history.

Subscriptions

Ffmpeg Ffmpeg

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-18T06:15:58.000Z

Updated: 2025-04-15T14:22:34.094Z

Reserved: 2022-06-17T00:00:00.000Z

Link: CVE-2014-125011

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-18T07:15:07.603

Modified: 2024-11-21T02:03:34.613

Link: CVE-2014-125011

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "FFmpeg", "vendor": "unspecified", "versions": [{"status": "affected", "version": "2.0"}]}], "credits": [{"lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-192", "description": "CWE-192 Integer Coercion Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-18T06:15:58.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.12391"}], "title": "FFmpeg ansi.c decode_frame integer coercion", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125011", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg ansi.c decode_frame integer coercion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FFmpeg", "version": {"version_data": [{"version_value": "2.0"}]}}]}, "vendor_name": ""}]}}, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-192 Integer Coercion Error"}]}]}, "references": {"reference_data": [{"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f"}, {"name": "https://vuldb.com/?id.12391", "refsource": "MISC", "url": "https://vuldb.com/?id.12391"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:10:56.450Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.12391"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T16:58:07.164242Z", "id": "CVE-2014-125011", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:22:34.094Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125011", "datePublished": "2022-06-18T06:15:58.000Z", "dateReserved": "2022-06-17T00:00:00.000Z", "dateUpdated": "2025-04-15T14:22:34.094Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en FFmpeg versi\u00f3n 2.0. Ha sido declarada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n decode_frame del archivo libavcodec/ansi.c. La manipulaci\u00f3n conlleva a un error de coerci\u00f3n de enteros. El ataque puede ser lanzado remotamente. Es recomendado aplicar un parche para corregir este problema"}], "id": "CVE-2014-125011", "lastModified": "2024-11-21T02:03:34.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-18T07:15:07.603", "references": [{"source": "cna@vuldb.com", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.12391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.12391"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-192"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-681"}], "source": "nvd@nist.gov", "type": "Primary"}]}