VIR Vulnerability Intelligence Relay

CVE-2014-5272

medium
Published 2014-11-03 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-5272

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed7:2.4.1-1
debian debianbullseyefixed7:2.4.1-1
debian debianforkyfixed7:2.4.1-1
debian debiansidfixed7:2.4.1-1
debian debiantrixiefixed7:2.4.1-1

Application impact
VendorProductVersionsFixed
ffmpegffmpeg{"endIncluding":"1.1.13"}
ffmpegffmpeg1.1
ffmpegffmpeg1.1.1
ffmpegffmpeg1.1.2
ffmpegffmpeg1.1.3
ffmpegffmpeg1.1.4
ffmpegffmpeg1.1.5
ffmpegffmpeg1.1.6
ffmpegffmpeg1.1.7
ffmpegffmpeg1.1.8
ffmpegffmpeg1.1.9
ffmpegffmpeg1.1.10
ffmpegffmpeg1.1.11
ffmpegffmpeg1.1.12
ffmpegffmpeg1.2
ffmpegffmpeg1.2.1
ffmpegffmpeg1.2.3
ffmpegffmpeg1.2.4
ffmpegffmpeg1.2.5
ffmpegffmpeg1.2.6
ffmpegffmpeg1.2.7
ffmpegffmpeg2.0
ffmpegffmpeg2.0.1
ffmpegffmpeg2.0.2
ffmpegffmpeg2.0.3
ffmpegffmpeg2.0.4
ffmpegffmpeg2.0.5
ffmpegffmpeg2.1
ffmpegffmpeg2.1.1
ffmpegffmpeg2.1.2
ffmpegffmpeg2.1.3
ffmpegffmpeg2.1.4
ffmpegffmpeg2.1.5
ffmpegffmpeg2.2
ffmpegffmpeg2.2.4
ffmpegffmpeg2.3
ffmpegffmpeg2.3.2

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.