CVE-2014-2299

Published: 11 March 2014

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

Priority

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Released (1.10.6-1)
	upstream	Released (1.10.6-1)
	utopic	Released (1.10.6-1)
	vivid	Released (1.10.6-1)
	wily	Released (1.10.6-1)
	xenial	Released (1.10.6-1)
	yakkety	Released (1.10.6-1)
	zesty	Released (1.10.6-1)
	Patches: upstream: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-2299

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading