CVE-2013-0894 — Classic Buffer Overflow in Google Chrome

CWE-120 — Classic Buffer Overflow6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Google Chrome Debian Ffmpeg +2 more

Timeline

PublishedFeb 23

Latest updateMay 13

Description

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶NVDgoogle/chrome< 25.0.1364.99+1

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg1.1.3

▶NVDopensuse/opensuse12.1, 12.2+1

Also affects: Ubuntu Linux 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-4fp9-hr59-c2fp: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec↗2022-05-13

▶

OSV

CVE-2013-0894: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec↗2013-02-23

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2013-04-04

▶

Debian

CVE-2013-0894: ffmpeg - Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis deco...↗2013

▶