Vulnerability Details : CVE-2013-7022
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-7022
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-7022
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-7022
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7022
-
https://security.gentoo.org/glsa/201603-06
FFmpeg: Multiple vulnerabilities (GLSA 201603-06) — Gentoo security
-
https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
avcodec/g2meet: Fix framebuf size · FFmpeg/FFmpeg@e07ac72 · GitHubExploit;Patch
-
http://openwall.com/lists/oss-security/2013/12/08/3
oss-security - Re: CVE Request: FFmpeg 2.1 multiple problemsPatch
-
https://trac.ffmpeg.org/ticket/2971
#2971 (g2m4: invalid write 3) – FFmpegExploit
-
http://ffmpeg.org/security.html
FFmpeg Security
-
http://openwall.com/lists/oss-security/2013/11/26/7
oss-security - CVE Request: FFmpeg 2.1 multiple problemsPatch
Products affected by CVE-2013-7022
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*