CVE-2013-3675 (retired)

Priority
Description
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before
1.2.1 does not validate width and height values, which allows remote
attackers to cause a denial of service (integer overflow, out-of-bounds
array access, and application crash) via crafted LucasArts Smush video
data.
Notes
mdeslaurlibav and ffmpeg codebases have diverged to the point of
not being able to track both using the same CVE numbers.
Marking this CVE as not-affected for libav.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: libav (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:48:01 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)