Launchpad.net

CVE 2014-2299

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

Related bugs and status

CVE-2014-2299 (Candidate) is related to these bugs:

Bug #1290100: [Need fake sync] a lot vulnerabilities buffer overflow crash ddos

		In	Importance	Status
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu)	High	Fix Released
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Saucy)	High	Won't Fix
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Trusty)	High	Fix Released
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Precise)	High	Won't Fix
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Quantal)	High	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.wireshark.o...
CONFIRM: https://bugs.wireshark...
CONFIRM: https://code.wireshark...
DEBIAN: DSA-2871
SUSE: openSUSE-SU-2014:0382
SUSE: openSUSE-SU-2014:0383
SECUNIA: 57480
SECUNIA: 57489
REDHAT: RHSA-2014:0341
REDHAT: RHSA-2014:0342
EXPLOIT-DB: 33069
MISC: http://packetstormsecu...
OSVDB: 104199
BID: 66066
SECTRACK: 1029907