CVE-2013-0860

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type Values Removed Values Added
References () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3e196e4def03c7a91423803402f84d638d316c33 - () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3e196e4def03c7a91423803402f84d638d316c33 -
References () http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=68a0477bc0af026db971ddba22541029a9e8715b - () http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=68a0477bc0af026db971ddba22541029a9e8715b -
References () http://www.ffmpeg.org/security.html - () http://www.ffmpeg.org/security.html -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 - () http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 -
References () https://security.gentoo.org/glsa/201603-06 - () https://security.gentoo.org/glsa/201603-06 -

07 Nov 2023, 02:14

Type Values Removed Values Added
References
  • {'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • {'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b', 'tags': ['Exploit', 'Patch'], 'refsource': 'CONFIRM'}
  • () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3e196e4def03c7a91423803402f84d638d316c33 -
  • () http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=68a0477bc0af026db971ddba22541029a9e8715b -
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 - () http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 -
References (CONFIRM) http://www.ffmpeg.org/security.html - () http://www.ffmpeg.org/security.html -
References (GENTOO) https://security.gentoo.org/glsa/201603-06 - () https://security.gentoo.org/glsa/201603-06 -

Information

Published : 2013-11-23 18:55

Updated : 2024-11-21 01:48


NVD link : CVE-2013-0860

Mitre link : CVE-2013-0860

CVE.ORG link : CVE-2013-0860


JSON object : View

Products Affected

ffmpeg

  • ffmpeg
CWE
CWE-20

Improper Input Validation