CVE-2013-0858Ffmpeg vulnerability

4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
1.2%
top 21.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FfmpegDebian FfmpegDebian Linux
Timeline
PublishedDec 7
Latest updateMay 17

Description

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)
Debianffmpeg/ffmpeg< 7:2.4.1-1+3
NVDffmpeg/ffmpeg1.0.3+56

Also affects: Debian Linux 7.0

🔴Vulnerability Details

2
GHSA
GHSA-8mjg-4mv3-r39f: The atrac3_decode_init function in libavcodec/atrac32022-05-17
OSV
CVE-2013-0858: The atrac3_decode_init function in libavcodec/atrac32013-12-07

📋Vendor Advisories

1
Debian
CVE-2013-0858: ffmpeg - The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 al...2013