CVE-2013-0864 — Ffmpeg vulnerability

CWE-1894 documents4 sources

Severity

10.0CRITICALNVD

EPSS

1.4%

top 19.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedNov 23

Latest updateMay 17

Description

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDffmpeg/ffmpeg1.1.1+55

▶debiandebian/ffmpeg

🔴Vulnerability Details

GHSA

GHSA-mghq-2px7-9ch5: The gif_copy_img_rect function in libavcodec/gifdec↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2013-0864: ffmpeg - The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 per...↗2013

▶