Vulnerability Description
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | < 0.10.14 |
Related Weaknesses (CWE)
References
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.htmlExploitThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/06/26/23ExploitMailing ListThird Party Advisory
- https://www.ffmpeg.org/security.htmlPatchVendor Advisory
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.htmlExploitThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/06/26/23ExploitMailing ListThird Party Advisory
- https://www.ffmpeg.org/security.htmlPatchVendor Advisory
FAQ
What is CVE-2014-4610?
CVE-2014-4610 is a vulnerability with a CVSS score of 8.8 (HIGH). Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows rem...
How severe is CVE-2014-4610?
CVE-2014-4610 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4610?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.