CVE-2013-3673Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 34.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedJun 10
Latest updateMay 17

Description

The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDffmpeg/ffmpeg1.2
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-j837-2gh6-pprf: The gif_decode_frame function in gifdec2022-05-17

📋Vendor Advisories

1
Debian
CVE-2013-3673: ffmpeg - The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 d...2013