VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 5, 2014· Updated May 6, 2026

CVE-2014-8543

CVE-2014-8543

Description

In FFmpeg before 2.4.2, the MM video decoder does not validate all HHV Intra block lines, leading to out-of-bounds access and potential denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In FFmpeg before 2.4.2, the MM video decoder does not validate all HHV Intra block lines, leading to out-of-bounds access and potential denial of service.

Vulnerability

In FFmpeg versions prior to 2.4.2, the libavcodec/mmvideo.c file contains a flaw in the validation of image height for HHV Intra blocks. The code does not consider all lines of these blocks during height checks, which can trigger an out-of-bounds access when processing crafted MM video data. This issue affects FFmpeg before 2.4.2 and Libav in some distributions [1][2][4].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious MM video file that triggers the insufficient height validation. If a user is tricked into opening such a file with FFmpeg or an application using the library, the decoder performs an out-of-bounds memory access. No special privileges or network position beyond delivering the file is required; user interaction (e.g., opening the file) is necessary [2][4].

Impact

Successful exploitation can cause a denial of service via application crash. The official description notes possible unspecified other impact, and related advisories mention potential arbitrary code execution with the privileges of the user running the application [1][2][4].

Mitigation

The vulnerability is fixed in FFmpeg 2.4.2. Users should upgrade to this version or later. For Libav (a fork), update to the version provided in Ubuntu USN-2534-1 (released 2015-03-17) or apply the Gentoo GLSA 201603-06 recommendation (FFmpeg 2.6.3 or later) [1][2][4]. No workarounds are documented if upgrading is not possible.

References
  1. FFmpeg Security
  2. USN-2534-1: Libav vulnerabilities | Ubuntu security notices | Ubuntu
  3. Multiple vulnerabilities (GLSA 201603-06) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

107
  • FFmpeg/Ffmpeg106 versions
    cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*+ 105 more
    • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*range: <=2.4.1
    • cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:2.4:*:*:*:*:*:*:*
    • (no CPE)range: <2.4.2
  • Canonical/Ubuntu Linux
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.