Vulnerability Details : CVE-2013-3672
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2013-3672
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3672
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3672
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-3672
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3672
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8d3c99e825317b7efda5fd12e69896b47c700303
git.videolan.org Git - ffmpeg.git/commitPatch
-
http://ffmpeg.org/security.html
FFmpeg Security
-
http://www.mandriva.com/security/advisories?name=MDVSA-2014:227
mandriva.com
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
git.videolan.org Git - ffmpeg.git/commitPatch
Jump to