CVE-2013-0863: Improper Restriction of Operations within the Bounds of a Memory Buffer in FFmpeg

Severity
9.3 CRITICAL (NVD)
EPSS
1.3%
top 19.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 23
Latest update: May 17

Description

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: ffmpeg/ffmpeg 1.0.3 +58
debian: debian/ffmpeg

🔴 Vulnerability Details

1
GHSA
GHSA-7432-279m-4g8w: Buffer overflow in the rle_decode function in libavcodec/sanm (2022-05-17)

📋 Vendor Advisories

1
Debian
CVE-2013-0863: ffmpeg - Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before... (2013)

💬 Community

1
Bugzilla
CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load (2015-01-29)