CVE-2013-3675Improper Input Validation in Ffmpeg

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 34.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedJun 10
Latest updateMay 17

Description

The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDffmpeg/ffmpeg1.2
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-34gv-fqgg-h594: The process_frame_obj function in sanm2022-05-17

📋Vendor Advisories

1
Debian
CVE-2013-3675: ffmpeg - The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 do...2013