4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
64.5%
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before
1.2.1 does not validate width and height values, which allows remote
attackers to cause a denial of service (integer overflow, out-of-bounds
array access, and application crash) via crafted LucasArts Smush video
data.
Author | Note |
---|---|
mdeslaur | libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav. |