First published: Mon Dec 09 2013(Updated: )
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg | <=2.0.1 | |
FFmpeg | =0.3 | |
FFmpeg | =0.3.1 | |
FFmpeg | =0.3.2 | |
FFmpeg | =0.3.3 | |
FFmpeg | =0.3.4 | |
FFmpeg | =0.4.0 | |
FFmpeg | =0.4.2 | |
FFmpeg | =0.4.3 | |
FFmpeg | =0.4.4 | |
FFmpeg | =0.4.5 | |
FFmpeg | =0.4.6 | |
FFmpeg | =0.4.7 | |
FFmpeg | =0.4.8 | |
FFmpeg | =0.4.9-pre1 | |
FFmpeg | =0.5 | |
FFmpeg | =0.5.1 | |
FFmpeg | =0.5.2 | |
FFmpeg | =0.5.3 | |
FFmpeg | =0.5.4 | |
FFmpeg | =0.5.4.5 | |
FFmpeg | =0.5.4.6 | |
FFmpeg | =0.5.5 | |
FFmpeg | =0.6 | |
FFmpeg | =0.6.1 | |
FFmpeg | =0.6.2 | |
FFmpeg | =0.6.3 | |
FFmpeg | =0.7 | |
FFmpeg | =0.7.1 | |
FFmpeg | =0.7.2 | |
FFmpeg | =0.7.3 | |
FFmpeg | =0.7.4 | |
FFmpeg | =0.7.5 | |
FFmpeg | =0.7.6 | |
FFmpeg | =0.7.7 | |
FFmpeg | =0.7.8 | |
FFmpeg | =0.7.9 | |
FFmpeg | =0.7.11 | |
FFmpeg | =0.7.12 | |
FFmpeg | =0.8.0 | |
FFmpeg | =0.8.1 | |
FFmpeg | =0.8.2 | |
FFmpeg | =0.8.5 | |
FFmpeg | =0.8.5.3 | |
FFmpeg | =0.8.5.4 | |
FFmpeg | =0.8.6 | |
FFmpeg | =0.8.7 | |
FFmpeg | =0.8.8 | |
FFmpeg | =0.8.10 | |
FFmpeg | =0.8.11 | |
FFmpeg | =0.9 | |
FFmpeg | =0.9.1 | |
FFmpeg | =0.10 | |
FFmpeg | =0.10.3 | |
FFmpeg | =0.10.4 | |
FFmpeg | =0.11 | |
FFmpeg | =1.0 | |
FFmpeg | =1.1.1 | |
FFmpeg | =1.1.2 | |
FFmpeg | =1.1.3 | |
FFmpeg | =1.1.4 | |
FFmpeg | =1.2 | |
FFmpeg | =1.2.1 | |
FFmpeg | =2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-7015 has been classified as a denial of service vulnerability due to out-of-bounds array access.
To resolve CVE-2013-7015, upgrade FFmpeg to version 2.1 or higher, where the vulnerability has been patched.
CVE-2013-7015 affects FFmpeg versions up to and including 2.0.1 as well as specific earlier versions.
CVE-2013-7015 allows attackers to cause a denial of service by exploiting crafted Flash Screen Video data.
While no specific exploit is publicly documented, the vulnerability could be potentially exploited in scenarios where crafted Flash Screen Video data is processed.