CVE Reference: CVE-2013-3672

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-3672

Description:
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

CVE Status:
Candidate

References:

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2014:227

CONFIRM
  http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8d3c99e825317b7efda5fd12e69896b47c700303
  http://ffmpeg.org/security.html
  http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330


Return to the previous page.