Skip to main content

Numeric Errors

CVE-2014-8549

Severity High
Score 7.3/10

Summary

The "libavcodec/on2avc.c" file in FFmpeg prior to 2.3.5, 2.4.x prior to 2.4.2, and 2.5-dev does not constrain the number of channels to at most 2, which allows remote attackers to cause a Denial of Service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • LOW

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

Advisory Timeline

  • Published