Vulnerability Description
The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FFmpeg | FFmpeg | <= 1.1.2 |
References
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a6449167a6da8cb747cfe3502a
FAQ
What is CVE-2013-2276?
CVE-2013-2276 is a vulnerability with a CVSS score of 7.5 (HIGH). The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to c...
How severe is CVE-2013-2276?
CVE-2013-2276 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2276?
Check the references section above for vendor advisories and patch information. Affected products include: FFmpeg FFmpeg.