CVE-2014-2097

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 2.1.4

Description The issue is related to the tak decode frame function in libavcodec/takdec.c, which does not properly validate a certain bits-per-sample value. This allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the tak decode frame function until a patch is available. Avoid using crafted TAK data in the affected libavcodec/takdec.c module to minimize the risk of exploitation.