Incorrect Conversion between Numeric Types

CVE-2014-125011

Severity: High
Score: 7.8/10

Summary

A vulnerability was found in ffmpeg prior to 1.0.9, 1.1.x prior to 1.1.9, 1.2.x prior to 1.2.6, 1.3-dev, 2.0.x prior to 2.0.4, 2.1.x prior to 2.1.4 and 2.2.x prior to 2.2-rc1. It has been declared as problematic. The vulnerability affects the function "decode_frame" in the file "libavcodec/ansi.c". The manipulation leads to an integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-681 - Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
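The following is an added illustration of the CWE-681 pattern described above. It is not code from FFmpeg and does not reproduce the "decode_frame" defect. All names (BUF_CAP, length_ok_narrowed, to_u32_checked, to_i32_checked, length_ok_checked) and the sample value are constructed for the example. It shows a length check that is defeated by narrowing before the comparison, next to range-checked conversions that reject the same input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_CAP 64u /* constructed capacity of a destination buffer */

/* Unsafe: the 64-bit length is narrowed first, so the check sees only the
 * low 32 bits of the declared value. */
bool length_ok_narrowed(uint64_t declared_len)
{
    uint32_t len = (uint32_t)declared_len; /* high 32 bits are dropped */
    return len <= BUF_CAP;
}

/* Checked narrowing: reject anything uint32_t cannot represent. */
bool to_u32_checked(uint64_t in, uint32_t *out)
{
    if (in > UINT32_MAX)
        return false;
    *out = (uint32_t)in;
    return true;
}

/* Checked narrowing for signed values, covering both ends of the range. */
bool to_i32_checked(int64_t in, int32_t *out)
{
    if (in < INT32_MIN || in > INT32_MAX)
        return false;
    *out = (int32_t)in;
    return true;
}

/* Safe: convert with a range check, then compare against the capacity. */
bool length_ok_checked(uint64_t declared_len)
{
    uint32_t len;
    return to_u32_checked(declared_len, &len) && len <= BUF_CAP;
}

int main(void)
{
    uint64_t declared = 0x100000010ULL; /* constructed: 2^32 + 16 */
    printf("narrowed check accepts: %d\n", length_ok_narrowed(declared));
    printf("checked check accepts:  %d\n", length_ok_checked(declared));
    return 0;
}
```

Compilers can flag the unchecked form at build time; GCC and Clang report implicit narrowing conversions with -Wconversion.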
