CVE-2014-125024

7.3 HIGH

📋 TL;DR

This critical vulnerability in FFmpeg 2.0 allows remote attackers to execute arbitrary code or cause denial of service through memory corruption in the lag_decode_frame function. It affects any system using vulnerable FFmpeg versions for media processing, including video streaming services, media players, and applications with embedded FFmpeg libraries.

💻 Affected Systems

Products:
  • FFmpeg
Versions: Version 2.0 specifically (and potentially earlier versions with similar code)
Operating Systems: All platforms running FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using FFmpeg 2.0 for media decoding is vulnerable, including web applications, media servers, and video processing tools

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash causing denial of service, potentially leading to service disruption

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege controls are implemented

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication
🏢 Internal Only: MEDIUM - Still exploitable via internal network but requires attacker foothold

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Memory corruption vulnerabilities in widely used libraries like FFmpeg are frequently weaponized in exploit kits

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FFmpeg 2.1 and later

Vendor Advisory: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee

Restart Required: Yes

Instructions:

1. Update FFmpeg to version 2.1 or later.
2. Rebuild any applications using FFmpeg libraries.
3. Restart affected services.
4. Verify the fix with the commit hash 4c3e1956ee.

🔧 Temporary Workarounds

Disable Lagarith codec support

Platform: all

Remove or disable Lagarith codec decoding capability in FFmpeg configuration

ffmpeg -codecs | grep lagarith
# If present, recompile FFmpeg with --disable-decoder=lagarith

Network filtering

Platform: all

Block or filter media files containing Lagarith encoded content at network perimeter

🧯 If You Can't Patch

  • Isolate vulnerable systems in segmented network zones with strict access controls
  • Implement application allowlisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version: ffmpeg -version | grep 'version 2.0'

Check Version:

ffmpeg -version

Verify Fix Applied:

Verify FFmpeg version is 2.1 or later and check for commit 4c3e1956ee in build info
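
The version check and the Lagarith decoder check above can be combined into one triage step. The script below is an added example, not part of the original advisory or of FFmpeg; the function name, verdict strings and sample output are constructed for illustration, and it assumes the flag-column layout of `ffmpeg -codecs` where a leading `D` marks decoding support.

```shell
#!/bin/sh
# Added example (not from the advisory). Function name and verdicts are hypothetical.
# $1 = text of `ffmpeg -version`, $2 = text of `ffmpeg -codecs`
# Prints one of: vulnerable | decoder-disabled | review | patched | unknown
ffmpeg_lagarith_exposure() {
    # First line looks like "ffmpeg version 2.0.1 Copyright (c) ..."
    ver=$(printf '%s\n' "$1" | sed -n 's/^ffmpeg version \([^ ]*\).*/\1/p' | head -n 1)
    case "$ver" in
        [0-9]*.[0-9]*) ;;              # release-style number
        *) echo unknown; return 0 ;;   # e.g. git snapshot builds carry no release number
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in *[!0-9]*) echo unknown; return 0 ;; esac

    # The advisory gives 2.1 and later as fixed.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo patched; return 0
    fi
    # Releases before 2.0 are only "potentially" affected per the advisory.
    if [ "$major" -lt 2 ]; then
        echo review; return 0
    fi
    # 2.0.x: exposed only if the Lagarith decoder is compiled in. In -codecs output
    # the first flag is D when decoding is supported; a codec can be listed without
    # it, so matching the name alone is not enough.
    if printf '%s\n' "$2" | awk '$2 == "lagarith" && $1 ~ /^D/ { f = 1 } END { exit !f }'; then
        echo vulnerable
    else
        echo decoder-disabled
    fi
}

# Constructed sample output for illustration (not captured from a real host).
SAMPLE_VERSION='ffmpeg version 2.0.1 Copyright (c) 2000-2013 the FFmpeg developers'
SAMPLE_CODECS=' DEVI.S huffyuv              HuffYUV
 D.VI.S lagarith             Lagarith lossless'
SAMPLE_CODECS_DISABLED=' DEVI.S huffyuv              HuffYUV
 ..VI.S lagarith             Lagarith lossless'

ffmpeg_lagarith_exposure "$SAMPLE_VERSION" "$SAMPLE_CODECS"            # vulnerable
ffmpeg_lagarith_exposure "$SAMPLE_VERSION" "$SAMPLE_CODECS_DISABLED"   # decoder-disabled
```

On a live host, call it as `ffmpeg_lagarith_exposure "$(ffmpeg -version 2>/dev/null)" "$(ffmpeg -codecs 2>/dev/null)"`; applications that bundle their own FFmpeg libraries need to be checked separately.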

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults
  • Application crashes during media processing
  • Memory access violation errors

Network Indicators:

  • Unusual outbound connections from media processing servers
  • Traffic patterns indicating exploit attempts

SIEM Query:

source="*ffmpeg*" AND ("segmentation fault" OR "memory corruption" OR "access violation")
