CVE-2014-125017

7.3 HIGH

📋 TL;DR

This critical vulnerability in FFmpeg 2.0 allows remote attackers to cause memory corruption through the rpza_decode_stream function, potentially leading to arbitrary code execution. It affects any system or application using vulnerable FFmpeg versions for video processing. The vulnerability can be exploited without authentication by sending specially crafted video files.

💻 Affected Systems

Products:
  • FFmpeg
Versions: FFmpeg 2.0 (specifically versions before patch 77bb0004bbe18f1498cfecdc68db5f10808b6599)
Operating Systems: All platforms running FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using FFmpeg for video decoding/processing is vulnerable when handling RPZA encoded video streams

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case

Application crashes, denial of service, or limited memory corruption affecting video processing functionality

🟢 If Mitigated

Contained application crash with no system compromise if proper sandboxing and privilege separation are implemented

🌐 Internet-Facing: HIGH - Remote exploitation possible via video upload/processing features
🏢 Internal Only: MEDIUM - Requires user interaction with malicious video files

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious RPZA video files; no public exploit code is documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FFmpeg with commit 77bb0004bbe18f1498cfecdc68db5f10808b6599

Vendor Advisory: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599

Restart Required: Yes

Instructions:

1. Update FFmpeg to a version containing the fix commit
2. Rebuild any applications using FFmpeg libraries
3. Restart affected services

🔧 Temporary Workarounds

Disable RPZA codec support

Platform: all

Disable RPZA video codec decoding in FFmpeg configuration

ffmpeg -codecs | grep rpza
Recompile FFmpeg with --disable-decoder=rpza

Input validation filtering

Platform: all

Block or filter RPZA encoded video files at network perimeter

🧯 If You Can't Patch

  • Implement strict input validation to reject RPZA encoded video files
  • Run FFmpeg in sandboxed/containerized environment with minimal privileges
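
One way to implement the "reject RPZA encoded video files" check for QuickTime/MOV input without invoking any decoder, as an added example that is not from this advisory or from FFmpeg: it reads the codec FourCC from each `stsd` sample description and fails closed on malformed atoms. The function names and the constructed sample are this example's own; it matches the QuickTime FourCC `rpza` and does not cover other container formats.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # path down to stsd
BLOCKED = {b"rpza"}  # QuickTime FourCC for Apple Video (RPZA)

def iter_atoms(buf, start, end):  # yields (type, body_start, body_end)
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:  # 64-bit size follows the type field
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:  # atom extends to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            raise ValueError("atom size outside parent")
        yield kind, pos + header, pos + size
        pos += size

def sample_fourccs(buf):  # codec FourCCs declared in every stsd atom
    found, stack = [], [(0, len(buf))]
    while stack:  # explicit stack: nesting depth cannot exhaust recursion
        for kind, b0, b1 in iter_atoms(buf, *stack.pop()):
            if kind in CONTAINERS:
                stack.append((b0, b1))
            elif kind == b"stsd":
                pos = b0 + 8  # skip version/flags (4) and entry count (4)
                # Slicing makes a too-short stsd raise struct.error.
                for _ in range(struct.unpack_from(">I", buf[b0:b1], 4)[0]):
                    esize, fmt = struct.unpack_from(">I4s", buf, pos)
                    if esize < 8 or pos + esize > b1:
                        raise ValueError("bad stsd entry size")
                    found.append(fmt)
                    pos += esize
    return found

def should_reject(buf):  # fail closed on blocked codec or malformed structure
    try:
        return any(f.lower() in BLOCKED for f in sample_fourccs(buf))
    except (ValueError, struct.error):
        return True

def atom(kind, body):  # builds one atom for the constructed sample
    return struct.pack(">I4s", 8 + len(body), kind) + body

def constructed_sample(fourcc):  # constructed input: moov tree, no video data
    tree = atom(b"stsd", struct.pack(">II", 0, 1) + atom(fourcc, b"\0" * 8))
    for kind in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        tree = atom(kind, tree)
    return atom(b"ftyp", b"qt  \0\0\0\0") + tree
```

Run the check on the uploaded bytes before the file reaches any FFmpeg-based process, and keep the sandboxing in place for formats this parser does not inspect.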

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version and commit hash: ffmpeg -version | grep 'version\|commit'

Check Version:

ffmpeg -version | head -1

Verify Fix Applied:

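Verify commit 77bb0004bbe18f1498cfecdc68db5f10808b6599 is present in the FFmpeg source tree used for the build (full hashes are printed so the 8-character match does not depend on git's abbreviation length): git log --format=%H | grep '^77bb0004'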

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults
  • Memory access violation errors
  • Unexpected process termination during video processing

Network Indicators:

  • Unusual video file uploads to processing services
  • RPZA encoded video traffic to vulnerable systems

SIEM Query:

process_name:"ffmpeg" AND (event_type:"crash" OR exit_code:139 OR exit_code:-1073741819)
