CVE-2013-0899 — Integer Overflow or Wraparound in Google Chrome

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wikepage Opus Google Chrome Opus-codec Opus +2 more

Timeline

PublishedFeb 23

Latest updateMay 14

Description

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDgoogle/chrome< 25.0.1364.97+1

▶debiandebian/opus< opus 0.9.14+20120615-1+nmu1 (bookworm)

▶NVDopus-codec/opus< 1.0.2

▶Debianwikepage/opus< 0.9.14+20120615-1+nmu1+3

▶NVDopensuse/opensuse12.1, 12.2+1

🔴Vulnerability Details

GHSA

GHSA-73r9-pvh7-9jvg: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder↗2022-05-14

▶

OSV

CVE-2013-0899: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder↗2013-02-23

▶

📋Vendor Advisories

Debian

CVE-2013-0899: opus - Integer overflow in the padding implementation in the opus_packet_parse_impl fun...↗2013

▶