Main Vulnerability Database Vulnerabilities #VU110593

Input validation error in FFmpeg - CVE-2014-7933

Published: January 3, 2017 / Updated: June 8, 2025

Vulnerability identifier: #VU110593

CSH Severity: Medium

CVSS v4.0:

CVE-ID: CVE-2014-7933

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ffmpeg.sourceforge.net

Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.

How to mitigate CVE-2014-7933

Install update from vendor's website.

Sources

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-0093.html
http://secunia.com/advisories/62383
http://secunia.com/advisories/62575
http://secunia.com/advisories/62665
http://security.gentoo.org/glsa/glsa-201502-13.xml
http://www.securityfocus.com/bid/72288
http://www.securitytracker.com/id/1031623
http://www.ubuntu.com/usn/USN-2476-1
https://code.google.com/p/chromium/issues/detail?id=427266

Input validation error in FFmpeg - CVE-2014-7933

Detailed vulnerability description

How to mitigate CVE-2014-7933

Sources

Please verify you're human