History: Feb 27, 2013 - 12:00 a.m.

CVE-2013-2276

2013-02-27 00:00:00
ubuntu.com

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.003
Percentile: 65.7%

The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg
before 1.1.3 does not verify the decoding state before proceeding with
certain skip operations, which allows remote attackers to cause a denial of
service (out-of-bounds array access and application crash) or possibly have
unspecified other impact via crafted audio data.

Notes

Author: mdeslaur
Note: ffmpeg-extra in multiverse needs to have matching version. libav-extra is built with tarball produced by libav package.

Author: jdstrand
Note: avcodec_decode_audio4() does not exist in ffmpeg in Ubuntu 10.04 LTS or libav in Ubuntu 11.10. avcodec_decode_audio4() exists in Ubuntu 12.04 LTS and higher, but does not support skipping samples.
