CVE-2014-2299
EPSS 66.9%
Description
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
How to fix CVE-2014-2299
To remediate CVE-2014-2299, upgrade the affected package to a fixed version below.
- Debian/wireshark—upgrade to 1.10.6-1 or later
Is CVE-2014-2299 being exploited?
Likely — EPSS is 66.9%, placing CVE-2014-2299 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1.10.6-1