Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-0848
HistoryDec 07, 2013 - 12:00 a.m.

CVE-2013-0848

2013-12-0700:00:00
ubuntu.com
ubuntu.com
11

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.4%

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via a crafted width
in huffyuv data with the predictor set to median and the colorspace set to
YUV422P, which triggers an out-of-bounds array access.

Notes

Author Note
mdeslaur libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav.

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.4%