CVE-2014-125014

FFmpeg HEVC Video Decoder memory corruption

Published: 6/18/2022 Last updated: 4/15/2025 Reserved: 6/17/2022

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CNA assigner: VulDB (1af790b2-7ee1-4545-860a-a788eba489b5) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.3	Medium	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (1)

Product	Vendor	Version
FFmpeg	unspecified	<= 3.0.34

References (4)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665
https://vuldb.com/?id.12367
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665
https://vuldb.com/?id.12367

Credits (1)

Mateusz Jurczyk/Gynvael Coldwind