Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-0868
HistoryNov 23, 2013 - 12:00 a.m.

CVE-2013-0868

2013-11-2300:00:00
ubuntu.com
ubuntu.com
12

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.004

Percentile

71.9%

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to
have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) “len==0 cases.”

Notes

Author Note
mdeslaur libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav.

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.004

Percentile

71.9%