Vulnerabilities > CVE-2013-3671 - Numeric Errors vulnerability in Ffmpeg

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.

Vulnerable Configurations

Part Description Count
Application
Ffmpeg
140

Common Weakness Enumeration (CWE)

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-201310-12.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id70647
published2013-10-27
reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/70647
titleGLSA-201310-12 : FFmpeg: Multiple vulnerabilities