CVE-2013-3675
FFmpeg < 1.2 - Denial of Service via Crafted LucasArts Smush Video Data
Title source: llmDescription
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=524d0d2cfc7bab1b348f85e7c0369859e63781cf
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
Various Sources x_refsource_confirm
http://ffmpeg.org/security.html
Scores
EPSS
0.0050
EPSS Percentile
66.2%
Details
CWE
CWE-20
Status
published
Products (1)
ffmpeg/ffmpeg
< 1.2
Published
Jun 10, 2013
Tracked Since
Feb 18, 2026