Vulnerability Description
The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 1.2 |
Related Weaknesses (CWE)
References
- http://ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7edb984dd051b6919d7d8471c70
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=cc0dd86580b3257f22a4981a79e
- http://ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7edb984dd051b6919d7d8471c70
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=cc0dd86580b3257f22a4981a79e
FAQ
What is CVE-2013-3671?
CVE-2013-3671 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (i...
How severe is CVE-2013-3671?
CVE-2013-3671 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3671?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.