Lucene search
MitreCVE-2013-7012HistoryDec 09, 2013 - 4:36 p.m.
CVE-2013-7012
2013-12-0916:36:48
CWE-119
mitre
web.nvd.nist.gov
27
ffmpeg
jpeg2000
vulnerability
denial of service
array access
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.011
Percentile
84.4%
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
Affected configurations
Node
ffmpegffmpegRange≤2.0.1
ORffmpegffmpegMatch0.3
ORffmpegffmpegMatch0.3.1
ORffmpegffmpegMatch0.3.2
ORffmpegffmpegMatch0.3.3
ORffmpegffmpegMatch0.3.4
ORffmpegffmpegMatch0.4.0
ORffmpegffmpegMatch0.4.2
ORffmpegffmpegMatch0.4.3
ORffmpegffmpegMatch0.4.4
ORffmpegffmpegMatch0.4.5
ORffmpegffmpegMatch0.4.6
ORffmpegffmpegMatch0.4.7
ORffmpegffmpegMatch0.4.8
ORffmpegffmpegMatch0.4.9pre1
ORffmpegffmpegMatch0.5
ORffmpegffmpegMatch0.5.1
ORffmpegffmpegMatch0.5.2
ORffmpegffmpegMatch0.5.3
ORffmpegffmpegMatch0.5.4
ORffmpegffmpegMatch0.5.4.5
ORffmpegffmpegMatch0.5.4.6
ORffmpegffmpegMatch0.5.5
ORffmpegffmpegMatch0.6
ORffmpegffmpegMatch0.6.1
ORffmpegffmpegMatch0.6.2
ORffmpegffmpegMatch0.6.3
ORffmpegffmpegMatch0.7
ORffmpegffmpegMatch0.7.1
ORffmpegffmpegMatch0.7.2
ORffmpegffmpegMatch0.7.3
ORffmpegffmpegMatch0.7.4
ORffmpegffmpegMatch0.7.5
ORffmpegffmpegMatch0.7.6
ORffmpegffmpegMatch0.7.7
ORffmpegffmpegMatch0.7.8
ORffmpegffmpegMatch0.7.9
ORffmpegffmpegMatch0.7.11
ORffmpegffmpegMatch0.7.12
ORffmpegffmpegMatch0.8.0
ORffmpegffmpegMatch0.8.1
ORffmpegffmpegMatch0.8.2
ORffmpegffmpegMatch0.8.5
ORffmpegffmpegMatch0.8.5.3
ORffmpegffmpegMatch0.8.5.4
ORffmpegffmpegMatch0.8.6
ORffmpegffmpegMatch0.8.7
ORffmpegffmpegMatch0.8.8
ORffmpegffmpegMatch0.8.10
ORffmpegffmpegMatch0.8.11
ORffmpegffmpegMatch0.9
ORffmpegffmpegMatch0.9.1
ORffmpegffmpegMatch0.10
ORffmpegffmpegMatch0.10.3
ORffmpegffmpegMatch0.10.4
ORffmpegffmpegMatch0.11
ORffmpegffmpegMatch1.0
ORffmpegffmpegMatch1.1.1
ORffmpegffmpegMatch1.1.2
ORffmpegffmpegMatch1.1.3
ORffmpegffmpegMatch1.1.4
ORffmpegffmpegMatch1.2
ORffmpegffmpegMatch1.2.1
ORffmpegffmpegMatch2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ffmpeg | ffmpeg | * | cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.1 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.2 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.4 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.0 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.2 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.4 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-7012
2013-12-09 11:00:00
nvd
nvd
CVE-2013-7012
2013-12-09 16:36:48
ubuntucve
ubuntucve
CVE-2013-7012
2013-12-09 00:00:00
debiancve
debiancve
CVE-2013-7012
2013-12-09 16:36:48
prion
prion
Out-of-bounds
2013-12-09 16:36:00
nessus
nessus
GLSA-201603-06 : FFmpeg: Multiple vulnerabilities
2016-03-14 00:00:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2016-03-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201603-06
2016-03-14 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.011
Percentile
84.4%
Related for CVE-2013-7012