6.8

CVE-2013-7014

Exploit
Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version <= 2.0.1
FfmpegFfmpeg Version0.3
FfmpegFfmpeg Version0.3.1
FfmpegFfmpeg Version0.3.2
FfmpegFfmpeg Version0.3.3
FfmpegFfmpeg Version0.3.4
FfmpegFfmpeg Version0.4.0
FfmpegFfmpeg Version0.4.2
FfmpegFfmpeg Version0.4.3
FfmpegFfmpeg Version0.4.4
FfmpegFfmpeg Version0.4.5
FfmpegFfmpeg Version0.4.6
FfmpegFfmpeg Version0.4.7
FfmpegFfmpeg Version0.4.8
FfmpegFfmpeg Version0.4.9 Updatepre1
FfmpegFfmpeg Version0.5
FfmpegFfmpeg Version0.5.1
FfmpegFfmpeg Version0.5.2
FfmpegFfmpeg Version0.5.3
FfmpegFfmpeg Version0.5.4
FfmpegFfmpeg Version0.5.4.5
FfmpegFfmpeg Version0.5.4.6
FfmpegFfmpeg Version0.5.5
FfmpegFfmpeg Version0.6
FfmpegFfmpeg Version0.6.1
FfmpegFfmpeg Version0.6.2
FfmpegFfmpeg Version0.6.3
FfmpegFfmpeg Version0.7
FfmpegFfmpeg Version0.7.1
FfmpegFfmpeg Version0.7.2
FfmpegFfmpeg Version0.7.3
FfmpegFfmpeg Version0.7.4
FfmpegFfmpeg Version0.7.5
FfmpegFfmpeg Version0.7.6
FfmpegFfmpeg Version0.7.7
FfmpegFfmpeg Version0.7.8
FfmpegFfmpeg Version0.7.9
FfmpegFfmpeg Version0.7.11
FfmpegFfmpeg Version0.7.12
FfmpegFfmpeg Version0.8.0
FfmpegFfmpeg Version0.8.1
FfmpegFfmpeg Version0.8.2
FfmpegFfmpeg Version0.8.5
FfmpegFfmpeg Version0.8.5.3
FfmpegFfmpeg Version0.8.5.4
FfmpegFfmpeg Version0.8.6
FfmpegFfmpeg Version0.8.7
FfmpegFfmpeg Version0.8.8
FfmpegFfmpeg Version0.8.10
FfmpegFfmpeg Version0.8.11
FfmpegFfmpeg Version0.9
FfmpegFfmpeg Version0.9.1
FfmpegFfmpeg Version0.10
FfmpegFfmpeg Version0.10.3
FfmpegFfmpeg Version0.10.4
FfmpegFfmpeg Version0.11
FfmpegFfmpeg Version1.0
FfmpegFfmpeg Version1.1.1
FfmpegFfmpeg Version1.1.2
FfmpegFfmpeg Version1.1.3
FfmpegFfmpeg Version1.1.4
FfmpegFfmpeg Version1.2
FfmpegFfmpeg Version1.2.1
FfmpegFfmpeg Version2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://ffmpeg.org/security.html
https://security.gentoo.org/glsa/201603-06
http://www.debian.org/security/2014/dsa-2855
http://openwall.com/lists/oss-security/2013/11/26/7
Patch
http://openwall.com/lists/oss-security/2013/12/08/3
Patch
http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v9.11
https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
Patch
Exploit
https://trac.ffmpeg.org/ticket/2919