Lucene search

[email protected]CVE-2013-3670

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3670

2022-10-0316:14:44

CWE-119

[email protected]

web.nvd.nist.gov

ffmpeg

rle_unpack

libavcodec

vulnerability

2013

denial of service

remote attackers

cve-2013-3670

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

Affected configurations

NVD

Node

ffmpegffmpegRange≤1.2

CPENameOperatorVersion
ffmpeg:ffmpegffmpegle1.2

CPE	Name	Operator	Version
ffmpeg:ffmpeg	ffmpeg	le	1.2

References

ffmpeg.org/security.html

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652

git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for CVE-2013-3670

nvd1 ubuntucve1 debiancve1 prion1 cvelist1 gentoo1 openvas1 nessus1