CVE-2013-3670

2013-06-1000:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328
through 20130501 does not properly use the bytestream2 API, which allows
remote attackers to cause a denial of service (out-of-bounds array access
and application crash) via crafted RLE data. NOTE: the vendor has listed
this as an issue fixed in 1.2.1, but the issue is actually in new code that
was not shipped with the 1.2.1 release or any earlier release.

Notes

Author	Note
mdeslaur	libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav.