CVE-2013-0870 - The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

CVE-2013-0870

Summary

The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

References

Vulnerable Configurations

cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a https://www.ffmpeg.org/security.html
mlist	[oss-security] 20140208 Fwd: Old CVE ids, public, but still "RESERVED"

Last major update

04-09-2017 - 17:33

Published

28-08-2017 - 15:29

Last modified

04-09-2017 - 17:33