Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-0866
HistoryNov 23, 2013 - 12:00 a.m.

CVE-2013-0866

2013-11-2300:00:00
ubuntu.com
ubuntu.com
8

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.005

Percentile

76.2%

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4
and 1.1.x before 1.1.2 allows remote attackers to have an unspecified
impact via a large number of channels in an AAC file, which triggers an
out-of-bounds array access.

Notes

Author Note
mdeslaur libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav.

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.005

Percentile

76.2%