CVE-2013-0894 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-0894?

CVE-2013-0894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-0894?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Ffmpeg Ffmpeg.

Vulnerability Description

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Google	Chrome	< 25.0.1364.99
Apple	Macos	-
Linux	Linux Kernel	-
Microsoft	Windows	-
Ffmpeg	Ffmpeg	<= 1.1.3
Opensuse	Opensuse	12.1
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2013-0894?

CVE-2013-0894 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Li...

How severe is CVE-2013-0894?

CVE-2013-0894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0894?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Ffmpeg Ffmpeg.