CVE-2013-2277

2013-02-2700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.1%

JSON

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in
FFmpeg before 1.1.3 does not validate the relationship between luma depth
and chroma depth, which allows remote attackers to cause a denial of
service (out-of-bounds array access and application crash) or possibly have
unspecified other impact via crafted H.264 data.

Bugs

<https://bugs.launchpad.net/bugs/1163354>

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package
jdstrand	ffmpeg on 10.04 LTS has no error checking of sps->bit_depth_luma or sps->bit_depth_chroma (see libavcodec/h264.c line 7140 (after applying quilt patches)) libav has no error checking of sps->bit_depth_luma os
sps-	bit_depth_chroma (see libavcodec/h264_ps.c, line 338 on 11.10, line 348 on 12.04 LTS and higher)
mdeslaur	ignoring releases near EoL. New version not available from upstream.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibav< 4:0.8.6-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchlibav< 6:0.8.6-0ubuntu0.12.10.1UNKNOWN
ubuntu12.04noarchlibav-extra< 4:0.8.6ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchlibav-extra< 6:0.8.6ubuntu0.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	libav	< 4:0.8.6-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	libav	< 6:0.8.6-0ubuntu0.12.10.1	UNKNOWN
ubuntu	12.04	noarch	libav-extra	< 4:0.8.6ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	libav-extra	< 6:0.8.6ubuntu0.12.10.1	UNKNOWN