CVE-2013-7011

Published: 9 December 2013

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Priority

Status

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Needs triage

References

https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
https://trac.ffmpeg.org/ticket/2906
http://www.openwall.com/lists/oss-security/2013/12/08
https://www.cve.org/CVERecord?id=CVE-2013-7011
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.