Vulnerability Details : CVE-2013-3670
The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-3670
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-3670
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-3670
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3670
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
git.videolan.org Git - ffmpeg.git/commitPatch
-
http://ffmpeg.org/security.html
FFmpeg Security
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
git.videolan.org Git - ffmpeg.git/commitPatch
Products affected by CVE-2013-3670
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*