CVE-2013-0858

2013-12-0721:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2013-0858

atrac3_decode_init

libavcodec

ffmpeg

vulnerability

remote attacker

atrac3 data

6.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.7%

JSON

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq7.0
ffmpeg:ffmpegffmpegeq0.7.7
ffmpeg:ffmpegffmpegeq0.7.1
ffmpeg:ffmpegffmpegeq0.7.6
ffmpeg:ffmpegffmpegeq0.4.5
ffmpeg:ffmpegffmpegeq0.10.3
ffmpeg:ffmpegffmpegeq0.3.2
ffmpeg:ffmpegffmpegeq0.8.6
ffmpeg:ffmpegffmpegeq0.4.7
ffmpeg:ffmpegffmpegeq0.6.1

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	7.0
ffmpeg:ffmpeg	ffmpeg	eq	0.7.7
ffmpeg:ffmpeg	ffmpeg	eq	0.7.1
ffmpeg:ffmpeg	ffmpeg	eq	0.7.6
ffmpeg:ffmpeg	ffmpeg	eq	0.4.5
ffmpeg:ffmpeg	ffmpeg	eq	0.10.3
ffmpeg:ffmpeg	ffmpeg	eq	0.3.2
ffmpeg:ffmpeg	ffmpeg	eq	0.8.6
ffmpeg:ffmpeg	ffmpeg	eq	0.4.7
ffmpeg:ffmpeg	ffmpeg	eq	0.6.1