CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
74.0%
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before
1.2.1 does not validate the relationship between a horizontal coordinate
and a width value, which allows remote attackers to cause a denial of
service (out-of-bounds array access and application crash) via crafted
American Laser Games (ALG) MM Video data.
Author | Note |
---|---|
mdeslaur | libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav. |