CVE Reference: CVE-2013-3674

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-3674

Description:
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

CVE Status:
Candidate

References:

CONFIRM
  http://ffmpeg.org/security.html
  http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
  http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942


Return to the previous page.