CVE-2013-3672

EPSS 0.88%
Veröffentlicht 10.06.2013 03:19:54
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version <= 1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ffmpeg.org/security.html

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fa6db2545643efb4fe2e0bb501fa50af35a6330

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8d3c99e825317b7efda5fd12e69896b47c700303

http://www.mandriva.com/security/advisories?name=MDVSA-2014:227

https://nvd.nist.gov/vuln/detail/CVE-2013-3672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3672

EUVD