CVE-2013-0852

Published: 07 December 2013

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ffmpeg-extra
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libav
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

libav-extra
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Notes

AuthorNote
mdeslaur
libav and ffmpeg codebases have diverged to the point of
not being able to track both using the same CVE numbers.
Marking this CVE as not-affected for libav.

References