CVE-2014-10024

Name of the Vulnerable Software and Affected Versions Divx Web Player (affected versions not specified) Divx Player (affected versions not specified) Other Divx plugins (affected versions not specified)

Description The issue is related to multiple integer signedness errors in the DirectShowDemuxFilter, which is used in various Divx products. This can be exploited by remote attackers to execute arbitrary code through a negative or large value in a Stream Format (STRF) chunk in an AVI file, leading to a heap-based buffer overflow.

Recommendations For Divx Web Player, update to a version that addresses the integer signedness errors in DirectShowDemuxFilter. For Divx Player, update to a version that addresses the integer signedness errors in DirectShowDemuxFilter. For other Divx plugins, update to a version that addresses the integer signedness errors in DirectShowDemuxFilter. As a temporary workaround, consider avoiding the use of AVI files with negative or large values in Stream Format (STRF) chunks until a patch is available.