CVE-2013-0851Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.5%
top 32.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedDec 7
Latest updateMay 17

Description

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDffmpeg/ffmpeg1.0+54
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-2m76-jw89-jx9c: The decode_frame function in libavcodec/eamad2022-05-17

📋Vendor Advisories

1
Debian
CVE-2013-0851: ffmpeg - The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remo...2013

💬Community

1
Bugzilla
CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions2014-08-26