CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS Percentile: 65.7%

The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg
before 1.1.3 does not verify the decoding state before proceeding with
certain skip operations, which allows remote attackers to cause a denial of
service (out-of-bounds array access and application crash) or possibly have
unspecified other impact via crafted audio data.

Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version; libav-extra is built with tarball produced by libav package |
jdstrand | avcodec_decode_audio4() does not exist in ffmpeg in Ubuntu 10.04 LTS or libav in Ubuntu 11.10; avcodec_decode_audio4() exists in Ubuntu 12.04 LTS and higher, but does not support skipping samples |