CVE-2013-2496
FFmpeg < 1.1.3 - Denial of Service via Crafted Microsoft RLE Data
Title source: llmDescription
The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1790-1
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e398990eb87785e20e065cd3f14d1dbb69df4392
Scores
EPSS
0.0046
EPSS Percentile
64.3%
Details
CWE
CWE-119
Status
published
Products (49)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 39 more
Published
Mar 09, 2013
Tracked Since
Feb 18, 2026