CVE-2013-0899

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

Severity: UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector: NETWORK
Atk. Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%

Vendor      Product   Version
opus-codec  opus      𝑥 < 1.0.2
google      chrome    𝑥 < 25.0.1364.97
google      chrome    𝑥 < 25.0.1364.99
opensuse    opensuse  12.1
opensuse    opensuse  12.2
𝑥 = Vulnerable software versions

Debian Releases
Debian Product  Codename
opus            bullseye  1.3.1-0.1  fixed
opus            bookworm  1.3.1-3    fixed
opus            sid       1.5.2-2    fixed
opus            trixie    1.5.2-2    fixed

Ubuntu Releases
Ubuntu Product    Codename
chromium-browser  quantal   Fixed 25.0.1364.160-0ubuntu0.12.10.1  released
chromium-browser  precise   Fixed 25.0.1364.160-0ubuntu0.12.04.1  released
chromium-browser  oneiric   Fixed 25.0.1364.160-0ubuntu0.11.10.1  released
chromium-browser  lucid     Fixed 25.0.1364.160-0ubuntu0.10.04.1  released
chromium-browser  hardy                                           dne