Sign-up

ID

VAR-201405-0518


CVE

CVE-2014-3735


TITLE

Intel Indeo Video for ir41_32.ax Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002560

DESCRIPTION

ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. Intel Indeo Video is prone to a memory-corruption vulnerability. Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Intel Indeo Video 4.5 ir41_32.ax version 4.51.16.3 is vulnerable; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2014-3735 // JVNDB: JVNDB-2014-002560 // BID: 67431 // VULHUB: VHN-71675

AFFECTED PRODUCTS

vendor:intelmodel:indeo videoscope:eqversion:4.5

Trust: 1.6

vendor:intelmodel:indeo videoscope:eqversion:for ir41_32.ax 4.51.16.3

Trust: 0.8

sources: JVNDB: JVNDB-2014-002560 // CNNVD: CNNVD-201405-321 // NVD: CVE-2014-3735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3735
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3735
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71675
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3735
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71675
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71675 // JVNDB: JVNDB-2014-002560 // CNNVD: CNNVD-201405-321 // NVD: CVE-2014-3735

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-71675 // JVNDB: JVNDB-2014-002560 // NVD: CVE-2014-3735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-321

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-321

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002560

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-71675

PATCH
title:トップページurl:http://www.intel.co.jp/content/www/jp/ja/homepage.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002560

EXTERNAL IDS
db:NVDid:CVE-2014-3735
Trust: 2.8
db:BIDid:67431
Trust: 2.8
db:PACKETSTORMid:126640
Trust: 1.7
db:JVNDBid:JVNDB-2014-002560
Trust: 0.8
db:CNNVDid:CNNVD-201405-321
Trust: 0.7
db:VULHUBid:VHN-71675
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71675 // 
            
            
            
            BID: 67431 // 
            
            
            
            JVNDB: JVNDB-2014-002560 // 
            
            
            
            CNNVD: CNNVD-201405-321 // 
            
            
            
            NVD: CVE-2014-3735

REFERENCES
url:http://www.securityfocus.com/bid/67431
Trust: 2.5
url:http://packetstormsecurity.com/files/126640/intel-ideo-video-4.5-memory-corruption.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3735
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3735
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71675 // 
            
            
            
            BID: 67431 // 
            
            
            
            JVNDB: JVNDB-2014-002560 // 
            
            
            
            CNNVD: CNNVD-201405-321 // 
            
            
            
            NVD: CVE-2014-3735

CREDITS
Aryan Bayaninejad
Trust: 0.3
sources:
            
            
            BID: 67431

SOURCES
db:VULHUBid:VHN-71675
db:BIDid:67431
db:JVNDBid:JVNDB-2014-002560
db:CNNVDid:CNNVD-201405-321
db:NVDid:CVE-2014-3735

LAST UPDATE DATE
2025-04-13T23:36:35.590000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71675date:2014-06-03T00:00:00
db:BIDid:67431date:2014-05-16T00:00:00
db:JVNDBid:JVNDB-2014-002560date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-321date:2014-05-22T00:00:00
db:NVDid:CVE-2014-3735date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71675date:2014-05-19T00:00:00
db:BIDid:67431date:2014-05-16T00:00:00
db:JVNDBid:JVNDB-2014-002560date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-321date:2014-05-22T00:00:00
db:NVDid:CVE-2014-3735date:2014-05-19T14:55:12.750