CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
71.9%
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to
have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) “len==0 cases.”
Author | Note |
---|---|
mdeslaur | libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav. |
git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
launchpad.net/bugs/cve/CVE-2013-0868
nvd.nist.gov/vuln/detail/CVE-2013-0868
security-tracker.debian.org/tracker/CVE-2013-0868
www.cve.org/CVERecord?id=CVE-2013-0868