CVE-2013-2495

Published: Mar 9, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.

Affected (59)

Products: Ffmpeg: Ffmpeg

Ffmpeg

1 product

Ffmpeg

Configuration A

59 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Up to 1.1.3
Ffmpeg Ffmpeg	Version 0.10.3
Ffmpeg Ffmpeg	Version 0.10.4
Ffmpeg Ffmpeg	Version 0.10
Ffmpeg Ffmpeg	Version 0.11
Ffmpeg Ffmpeg	Version 0.3.1
Ffmpeg Ffmpeg	Version 0.3.2
Ffmpeg Ffmpeg	Version 0.3.3
Ffmpeg Ffmpeg	Version 0.3.4
Ffmpeg Ffmpeg	Version 0.3
Ffmpeg Ffmpeg	Version 0.4.0
Ffmpeg Ffmpeg	Version 0.4.2
Ffmpeg Ffmpeg	Version 0.4.3
Ffmpeg Ffmpeg	Version 0.4.4
Ffmpeg Ffmpeg	Version 0.4.5
Ffmpeg Ffmpeg	Version 0.4.6
Ffmpeg Ffmpeg	Version 0.4.7
Ffmpeg Ffmpeg	Version 0.4.8
Ffmpeg Ffmpeg	Version 0.4.9
Ffmpeg Ffmpeg	Version 0.4.9 pre1
Ffmpeg Ffmpeg	Version 0.5.1
Ffmpeg Ffmpeg	Version 0.5.2
Ffmpeg Ffmpeg	Version 0.5.3
Ffmpeg Ffmpeg	Version 0.5.4.5
Ffmpeg Ffmpeg	Version 0.5.4.6
Ffmpeg Ffmpeg	Version 0.5.4
Ffmpeg Ffmpeg	Version 0.5
Ffmpeg Ffmpeg	Version 0.6.1
Ffmpeg Ffmpeg	Version 0.6.2
Ffmpeg Ffmpeg	Version 0.6.3
Ffmpeg Ffmpeg	Version 0.6
Ffmpeg Ffmpeg	Version 0.7.11
Ffmpeg Ffmpeg	Version 0.7.12
Ffmpeg Ffmpeg	Version 0.7.1
Ffmpeg Ffmpeg	Version 0.7.2
Ffmpeg Ffmpeg	Version 0.7.3
Ffmpeg Ffmpeg	Version 0.7.4
Ffmpeg Ffmpeg	Version 0.7.5
Ffmpeg Ffmpeg	Version 0.7.6
Ffmpeg Ffmpeg	Version 0.7.7
Ffmpeg Ffmpeg	Version 0.7.8
Ffmpeg Ffmpeg	Version 0.7.9
Ffmpeg Ffmpeg	Version 0.7
Ffmpeg Ffmpeg	Version 0.8.0
Ffmpeg Ffmpeg	Version 0.8.10
Ffmpeg Ffmpeg	Version 0.8.11
Ffmpeg Ffmpeg	Version 0.8.1
Ffmpeg Ffmpeg	Version 0.8.2
Ffmpeg Ffmpeg	Version 0.8.5.3
Ffmpeg Ffmpeg	Version 0.8.5.4
Ffmpeg Ffmpeg	Version 0.8.5
Ffmpeg Ffmpeg	Version 0.8.6
Ffmpeg Ffmpeg	Version 0.8.7
Ffmpeg Ffmpeg	Version 0.8.8
Ffmpeg Ffmpeg	Version 0.9.1
Ffmpeg Ffmpeg	Version 0.9
Ffmpeg Ffmpeg	Version 1.0
Ffmpeg Ffmpeg	Version 1.1.1
Ffmpeg Ffmpeg	Version 1.1.2

Related CWEs

CWE-189

References (4)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1790-1

Source: cve@mitre.org

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1790-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.