9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.017 Low
EPSS
Percentile
87.8%
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote
attackers to cause a denial of service and possibly execute arbitrary code
via a crafted VP3 file that triggers an out-of-bounds read and possibly
memory corruption.
Author | Note |
---|---|
mdeslaur | 0.5.x doesn’t seem affected, can’t reproduce |