Vulnerability Details : CVE-2013-4358

libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.

Vulnerability category: Denial of service

Published 2013-12-24 19:55:07

Updated 2013-12-26 15:28:57

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-4358

Probability of exploitation activity in the next 30 days: 0.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-4358

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2013-4358

Products affected by CVE-2013-4358

Ffmpeg » Ffmpeg
Versions up to, including, (<=) 0.11.3
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Matching versions
Ffmpeg » Ffmpeg » Version: 0.11
cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*
Matching versions
Ffmpeg » Ffmpeg » Version: 0.11.2
cpe:2.3:a:ffmpeg:ffmpeg:0.11.2:*:*:*:*:*:*:*
Matching versions
Ffmpeg » Ffmpeg » Version: 0.11.1
cpe:2.3:a:ffmpeg:ffmpeg:0.11.1:*:*:*:*:*:*:*
Matching versions