CVE-2014-9604
Description
FFmpeg before 2.5.2 fails to validate slice height in Ut Video decoding, allowing remote attackers to cause denial of service via crafted media files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in libavcodec/utvideodec.c in FFmpeg versions before 2.5.2. The functions restore_median and restore_median_il do not check for a slice height of zero, which leads to an out-of-bounds array access when processing crafted Ut Video data [1][2][3]. This affects both FFmpeg and the Libav fork (as noted in Ubuntu USN-2534-1) [1].
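An added example, not FFmpeg's code and not taken from the cited advisories: a simplified C model of per-slice prediction restore that shows the zero slice height check the description says was missing. The slice partition formula, the names `restore_slices` and `restore_row`, and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Undo left-neighbour prediction on one row: running sum modulo 256. */
static void restore_row(uint8_t *row, int width, uint8_t seed)
{
    uint8_t acc = seed;
    for (int x = 0; x < width; x++) {
        acc = (uint8_t)(acc + row[x]);
        row[x] = acc;
    }
}

/* Simplified model, not FFmpeg's code. Assumed partition: slice s owns rows
 * [s*height/slices, (s+1)*height/slices). Returns rows restored, -1 on bad geometry. */
int restore_slices(uint8_t *plane, int stride, int width, int height, int slices)
{
    if (!plane || width <= 0 || height <= 0 || slices <= 0 || stride < width)
        return -1;
    int rows = 0;
    for (int s = 0; s < slices; s++) {
        int start = (int)((int64_t)s * height / slices);
        int slice_height = (int)((int64_t)(s + 1) * height / slices) - start;
        /* Guard: when slices > height some slices own no rows. The first-row
         * pass below is unconditional, so it must not run for an empty slice. */
        if (slice_height == 0)
            continue;
        uint8_t *row = plane + (size_t)start * stride;
        restore_row(row, width, 0x80);             /* first row: fixed seed */
        rows++;
        for (int y = 1; y < slice_height; y++) {
            row += stride;
            restore_row(row, width, row[-stride]); /* seed: pixel above */
            rows++;
        }
    }
    return rows;
}

int main(void)
{
    /* Constructed input: one 4-pixel row split into two slices, then a guard row. */
    uint8_t buf[8] = {1, 1, 1, 1, 0xAA, 0xAA, 0xAA, 0xAA};
    int rows = restore_slices(buf, 4, 4, 1, 2);
    printf("rows=%d first=0x%02X guard=0x%02X\n", rows, buf[0], buf[4]);
    return rows == 1 ? 0 : 1;
}
```

In this model the row count returned always equals the plane height for valid geometry, which gives a cheap invariant to assert in a fuzzing harness.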
Exploitation
An attacker can exploit this by crafting a malicious Ut Video file with a slice height of zero. The victim must open the file using an affected version of FFmpeg or Libav. No authentication or special network position is required; the attack is triggered via file parsing [1][3].
Impact
Successful exploitation results in an out-of-bounds array access, causing a denial of service (application crash). The Ubuntu advisory also notes the possibility of arbitrary code execution with the privileges of the user invoking the program [1]. The Gentoo advisory lists arbitrary code execution as a potential impact [3].
Mitigation
The fix was introduced in FFmpeg version 2.5.2 [2]. Ubuntu released updated Libav packages in USN-2534-1 on 17 March 2015 [1]. Gentoo recommends upgrading to FFmpeg >=2.6.3 [3]. Users should update to the latest patched versions; no workaround is available [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.