6.8

CVE-2013-7008

Exploit
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version <= 2.0.1
FfmpegFfmpeg Version0.3
FfmpegFfmpeg Version0.3.1
FfmpegFfmpeg Version0.3.2
FfmpegFfmpeg Version0.3.3
FfmpegFfmpeg Version0.3.4
FfmpegFfmpeg Version0.4.0
FfmpegFfmpeg Version0.4.2
FfmpegFfmpeg Version0.4.3
FfmpegFfmpeg Version0.4.4
FfmpegFfmpeg Version0.4.5
FfmpegFfmpeg Version0.4.6
FfmpegFfmpeg Version0.4.7
FfmpegFfmpeg Version0.4.8
FfmpegFfmpeg Version0.4.9 Updatepre1
FfmpegFfmpeg Version0.5
FfmpegFfmpeg Version0.5.1
FfmpegFfmpeg Version0.5.2
FfmpegFfmpeg Version0.5.3
FfmpegFfmpeg Version0.5.4
FfmpegFfmpeg Version0.5.4.5
FfmpegFfmpeg Version0.5.4.6
FfmpegFfmpeg Version0.5.5
FfmpegFfmpeg Version0.6
FfmpegFfmpeg Version0.6.1
FfmpegFfmpeg Version0.6.2
FfmpegFfmpeg Version0.6.3
FfmpegFfmpeg Version0.7
FfmpegFfmpeg Version0.7.1
FfmpegFfmpeg Version0.7.2
FfmpegFfmpeg Version0.7.3
FfmpegFfmpeg Version0.7.4
FfmpegFfmpeg Version0.7.5
FfmpegFfmpeg Version0.7.6
FfmpegFfmpeg Version0.7.7
FfmpegFfmpeg Version0.7.8
FfmpegFfmpeg Version0.7.9
FfmpegFfmpeg Version0.7.11
FfmpegFfmpeg Version0.7.12
FfmpegFfmpeg Version0.8.0
FfmpegFfmpeg Version0.8.1
FfmpegFfmpeg Version0.8.2
FfmpegFfmpeg Version0.8.5
FfmpegFfmpeg Version0.8.5.3
FfmpegFfmpeg Version0.8.5.4
FfmpegFfmpeg Version0.8.6
FfmpegFfmpeg Version0.8.7
FfmpegFfmpeg Version0.8.8
FfmpegFfmpeg Version0.8.10
FfmpegFfmpeg Version0.8.11
FfmpegFfmpeg Version0.9
FfmpegFfmpeg Version0.9.1
FfmpegFfmpeg Version0.10
FfmpegFfmpeg Version0.10.3
FfmpegFfmpeg Version0.10.4
FfmpegFfmpeg Version0.11
FfmpegFfmpeg Version1.0
FfmpegFfmpeg Version1.1.1
FfmpegFfmpeg Version1.1.2
FfmpegFfmpeg Version1.1.3
FfmpegFfmpeg Version1.1.4
FfmpegFfmpeg Version1.2
FfmpegFfmpeg Version1.2.1
FfmpegFfmpeg Version2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.64% 0.732
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://ffmpeg.org/security.html
https://security.gentoo.org/glsa/201603-06
http://openwall.com/lists/oss-security/2013/11/26/7
Patch
http://openwall.com/lists/oss-security/2013/12/08/3
Patch
https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
Patch
Exploit
https://trac.ffmpeg.org/ticket/2927
Exploit