CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
74.5%
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2
does not properly maintain height and width values in the video context,
which allows remote attackers to cause a denial of service (segmentation
violation and application crash) or possibly have unspecified other impact
via crafted LucasArts Smush video data.