CVE-2013-2277

Published: 2/27/2013 Last updated: 8/6/2024 Reserved: 2/26/2013

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (4)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a
http://www.ubuntu.com/usn/USN-1790-1
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a
http://www.ubuntu.com/usn/USN-1790-1