CVE-2013-3672

Published: Jun 10, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

Affected (1)

Products: Ffmpeg: Ffmpeg

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Up to 1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://ffmpeg.org/security.html

Source: cve@mitre.org

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fa6db2545643efb4fe2e0bb501fa50af35a6330

Source: cve@mitre.org

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8d3c99e825317b7efda5fd12e69896b47c700303

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:227

Source: cve@mitre.org

http://ffmpeg.org/security.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fa6db2545643efb4fe2e0bb501fa50af35a6330

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8d3c99e825317b7efda5fd12e69896b47c700303

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:227

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.