Vulnerability Name: CVE-2013-3670 (CCN-84913)
Assigned: 2013-06-09
Published: 2013-06-09
Updated: 2013-06-10
Summary: The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. Note: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE; Type: CNA; CVE-2013-3670
  Source: CCN; Type: FFmpeg Web site; FFmpeg Security
  Source: MISC; Type: UNKNOWN; http://ffmpeg.org/security.html
  Source: CCN; Type: FFmpeg GIT Repository; vmdav: Try to fix unpack_rle()
  Source: CONFIRM; Type: Patch; http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
  Source: CONFIRM; Type: Patch; http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
  Source: CCN; Type: SA53825; FFmpeg Multiple Vulnerabilities
  Source: CCN; Type: BID-60476; FFmpeg 'unpack_rle()' Function Denial of Service Vulnerability
  Source: XF; Type: UNKNOWN; ffmpeg-cve20133670-unpackrle-dos(84913)
  Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2013-3670