CVE-2014-2263 - Vulnerability Details - OpenCVE

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0113.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffmpeg Subscribe	Ffmpeg Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg:2.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:::::::*

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-3003-1	libav security update
EUVD	EUVD-2014-2301	The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc
http://secunia.com/advisories/56971
http://www.securityfocus.com/bid/65560
http://www.securitytracker.com/id/1029850
https://exchange.xforce.ibmcloud.com/vulnerabilities/91174
https://security.gentoo.org/glsa/201603-06

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-28T18:00:00

Updated: 2024-08-06T10:06:00.191Z

Reserved: 2014-02-28T00:00:00

Link: CVE-2014-2263

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-03-01T00:55:05.657

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-2263

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"name": "56971", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65560"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc"}, {"name": "56971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65560"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:06:00.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"name": "56971", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56971"}, {"name": "1029850", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029850"}, {"name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"name": "GLSA-201603-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-06"}, {"name": "65560", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65560"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2263", "datePublished": "2014-02-28T18:00:00", "dateReserved": "2014-02-28T00:00:00", "dateUpdated": "2024-08-06T10:06:00.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD553751-5763-4FD5-820A-2364512E8E78", "versionEndIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1337F5B-E9D9-4335-9E05-50018E59E530", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B27C609-E4B4-41CD-B228-38267AA3A8AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C97DBEE2-AF4E-4C2D-A185-F2A1B965D9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDEDAA24-D9E0-4384-B193-0C8814E4FDD6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write."}, {"lang": "es", "value": "La funci\u00f3n mpegts_write_pmt en el muxer (libavformat/mpegtsenc.c) del flujo de transporte MPEG2 (tambi\u00e9n conocido como DVB) en FFmpeg, posiblemente 2.1 y anteriores, permite a atacantes remotos tener impacto y vectores no especificados, lo que provoca una escritura fuera de limites."}], "id": "CVE-2014-2263", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-01T00:55:05.657", "references": [{"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56971"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65560"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029850"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-06"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}