CVE-2013-3670

Published: 10/06/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote malicious users to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg

Debian Bug report logs - #717009 libavcodec53: CVEs CVE-2013-0844 to CVE-2013-0874, CVE-2013-3670, CVE-2013-3672, CVE-2013-3674 Package: libavcodec53; Maintainer for libavcodec53 is (unknown); Reported by: Arne Wichmann <aw@linuxde> Date: Tue, 16 Jul 2013 00:21:02 UTC Severity: important Tags: security Found in version l ...

CWE-119 http://ffmpeg.org/security.html http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717009 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-3670

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect