ID CVE-2013-7022Type cveReporter NVDModified 2016-12-02T22:00:47
Description
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
{"id": "CVE-2013-7022", "bulletinFamily": "NVD", "title": "CVE-2013-7022", "description": "The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.", "published": "2013-12-09T11:36:50", "modified": "2016-12-02T22:00:47", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7022", "reporter": "NVD", "references": ["http://openwall.com/lists/oss-security/2013/12/08/3", "http://ffmpeg.org/security.html", "https://security.gentoo.org/glsa/201603-06", "https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd", "https://trac.ffmpeg.org/ticket/2971", "http://openwall.com/lists/oss-security/2013/11/26/7"], "cvelist": ["CVE-2013-7022"], "type": "cve", "lastseen": "2017-04-18T15:54:14", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:1.1.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:2.0", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:2.0.1", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:1.1.2", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:1.2.1", "cpe:/a:ffmpeg:ffmpeg:1.1.4", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "cvelist": ["CVE-2013-7022"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.", "edition": 1, "hash": "78a8c90065b2b53cee72865966d1d01a1be5d6f70c52a927ce9004d22d9efff0", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "5541ea59cd849d1992b5b4a157b3f8b1", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "748afbc190453cb06fbdb25836d02f1f", "key": "cpe"}, {"hash": "1c2f08e5ab817ef362276ca333acb4fa", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4e1e2b50caf56fa09f6068e8a9644fa8", "key": "description"}, {"hash": "ab441f492d7a3d1d2e0cc00c8b901030", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9f895b78d29fc0c76846f11229a12e0e", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "52cde7566612d7601a33b72e67c74b72", "key": "published"}, {"hash": "98b57c4327b27d9b94e90fe07d1a07c0", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7022", "id": "CVE-2013-7022", "lastseen": "2016-09-03T19:16:56", "modified": "2013-12-10T15:46:24", "objectVersion": "1.2", "published": "2013-12-09T11:36:50", "references": ["http://openwall.com/lists/oss-security/2013/12/08/3", "http://ffmpeg.org/security.html", "https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd", "https://trac.ffmpeg.org/ticket/2971", "http://openwall.com/lists/oss-security/2013/11/26/7"], "reporter": "NVD", "scanner": [], "title": "CVE-2013-7022", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T19:16:56"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "748afbc190453cb06fbdb25836d02f1f"}, {"key": "cvelist", "hash": "9f895b78d29fc0c76846f11229a12e0e"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "4e1e2b50caf56fa09f6068e8a9644fa8"}, {"key": "href", "hash": "ab441f492d7a3d1d2e0cc00c8b901030"}, {"key": "modified", "hash": "294e043cb9ad5c3af2848a2cb0101c10"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "52cde7566612d7601a33b72e67c74b72"}, {"key": "references", "hash": "7ac5ccca8f52f30f41a5ededc4bd6714"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1c2f08e5ab817ef362276ca333acb4fa"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a90dc657a2f6928c273953e63fadc66fed7169ddb33e345354e1cfc0bd0cc93f", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:1.1.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:2.0", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:2.0.1", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:1.1.2", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:1.2.1", "cpe:/a:ffmpeg:ffmpeg:1.1.4", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 7.5}}
{"result": {"openvas": [{"id": "OPENVAS:1361412562310121448", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201603-06", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201603-06", "published": "2016-03-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121448", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "lastseen": "2017-12-08T11:52:22"}], "gentoo": [{"id": "GLSA-201603-06", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-2.6.3\"", "published": "2016-03-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201603-06", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "lastseen": "2016-09-06T19:46:01"}], "nessus": [{"id": "GENTOO_GLSA-201603-06.NASL", "type": "nessus", "title": "GLSA-201603-06 : FFmpeg: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201603-06 (FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2016-03-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=89899", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "lastseen": "2017-10-29T13:35:24"}]}}
