CVE-2014-5272
FFmpeg < 1.1.14, 1.2.x < 1.2.8, 2.2.x < 2.2.7, 2.3.x < 2.3.2 - Out-of-Bounds Array Access via Crafted IFF Image
Title source: llmDescription
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
References (4)
Core 4
Core References
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abc1fa7c5a1dca1345b9471b81cfcda00c56220d
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-06
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/08/16/6
Various Sources x_refsource_confirm
https://www.ffmpeg.org/security.html
Scores
EPSS
0.0379
EPSS Percentile
88.2%
Details
CWE
CWE-119
Status
published
Products (37)
ffmpeg/ffmpeg
1.1
ffmpeg/ffmpeg
1.1.1
ffmpeg/ffmpeg
1.1.2
ffmpeg/ffmpeg
1.1.3
ffmpeg/ffmpeg
1.1.4
ffmpeg/ffmpeg
1.1.5
ffmpeg/ffmpeg
1.1.6
ffmpeg/ffmpeg
1.1.7
ffmpeg/ffmpeg
1.1.8
ffmpeg/ffmpeg
1.1.9
... and 27 more
Published
Nov 03, 2014
Tracked Since
Feb 18, 2026