Summaryinfo

A vulnerability, which was classified as problematic, has been found in FFmpeg up to 1.2. Impacted is the function ref_picture/alloc_picture/get_consumed_bytes/decode_frame of the file libavcodec/h264.c. Performing a manipulation results in an unknown weakness. No exploit is available. It is suggested to install a patch to address this issue.

Detailsinfo

A vulnerability was found in FFmpeg up to 1.2 (Multimedia Processing Software). It has been classified as problematic. This affects the function ref_picture/alloc_picture/get_consumed_bytes/decode_frame of the file libavcodec/h264.c. The impact remains unknown.

The weakness was published 05/01/2013 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as confirmed git commit (GIT Repository). The advisory is shared at git.videolan.org. The public release has been coordinated with the project team. Technical details are known, but no exploit is available.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.videolan.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (95035†). Similar entries are available at VDB-9469, VDB-9468, VDB-9467 and VDB-9466. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• FFmpeg
• Libav

Productinfo

Type

• Multimedia Processing Software

Name

• FFmpeg

Version

• 1.0
• 1.1
• 1.2

License

• open-source

Website

• Product: https://ffmpeg.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion