CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |

EPSS Percentile: 75.3%

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328
through 20130501 does not properly use the bytestream2 API, which allows
remote attackers to cause a denial of service (out-of-bounds array access
and application crash) via crafted RLE data. NOTE: the vendor has listed
this as an issue fixed in 1.2.1, but the issue is actually in new code that
was not shipped with the 1.2.1 release or any earlier release.
Author | Note |
---|---|
mdeslaur | libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav. |