CVE-2014-10024 Information

Description

Multiple integer signedness errors in DirectShowDemuxFilter as used in Divx Web Player Divx Player and other Divx plugins allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file which triggers a heap-based buffer overflow.

Reference

http://seclists.org/fulldisclosure/2014/Apr/283 http://www.securityfocus.com/bid/67086