Vulnerability Details : CVE-2013-3675
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
Vulnerability category: Overflow, Input validation, Denial of service
Products affected by CVE-2013-3675
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3675
- EPSS score: 0.34% (probability of exploitation activity in the next 30 days)
- Percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-3675
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-3675
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3675
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
  git.videolan.org Git - ffmpeg.git/commit (Patch)
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf
  git.videolan.org Git - ffmpeg.git/commit (Patch)
- http://ffmpeg.org/security.html
  FFmpeg Security