CVE-2013-2496

The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ffmpegffmpeg
𝑥
≤ 1.1.3
ffmpegffmpeg
0.3
ffmpegffmpeg
0.3.1
ffmpegffmpeg
0.3.2
ffmpegffmpeg
0.3.3
ffmpegffmpeg
0.3.4
ffmpegffmpeg
0.4.0
ffmpegffmpeg
0.4.2
ffmpegffmpeg
0.4.3
ffmpegffmpeg
0.4.4
ffmpegffmpeg
0.4.5
ffmpegffmpeg
0.4.6
ffmpegffmpeg
0.4.7
ffmpegffmpeg
0.4.8
ffmpegffmpeg
0.4.9
ffmpegffmpeg
0.4.9:pre1
ffmpegffmpeg
0.5
ffmpegffmpeg
0.5.1
ffmpegffmpeg
0.5.2
ffmpegffmpeg
0.5.3
ffmpegffmpeg
0.5.4
ffmpegffmpeg
0.5.4.5
ffmpegffmpeg
0.5.4.6
ffmpegffmpeg
0.6
ffmpegffmpeg
0.6.1
ffmpegffmpeg
0.6.2
ffmpegffmpeg
0.6.3
ffmpegffmpeg
0.7
ffmpegffmpeg
0.7.1
ffmpegffmpeg
0.7.2
ffmpegffmpeg
0.7.3
ffmpegffmpeg
0.7.4
ffmpegffmpeg
0.7.5
ffmpegffmpeg
0.7.6
ffmpegffmpeg
0.7.7
ffmpegffmpeg
0.7.8
ffmpegffmpeg
0.7.9
ffmpegffmpeg
0.7.11
ffmpegffmpeg
0.7.12
ffmpegffmpeg
0.8.0
ffmpegffmpeg
0.8.1
ffmpegffmpeg
0.8.2
ffmpegffmpeg
0.8.5
ffmpegffmpeg
0.8.5.3
ffmpegffmpeg
0.8.5.4
ffmpegffmpeg
0.8.6
ffmpegffmpeg
0.8.7
ffmpegffmpeg
0.8.8
ffmpegffmpeg
0.8.10
ffmpegffmpeg
0.8.11
ffmpegffmpeg
0.9
ffmpegffmpeg
0.9.1
ffmpegffmpeg
0.10
ffmpegffmpeg
0.10.3
ffmpegffmpeg
0.10.4
ffmpegffmpeg
0.11
ffmpegffmpeg
1.0
ffmpegffmpeg
1.1.1
ffmpegffmpeg
1.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
raring
dne
quantal
dne
precise
dne
oneiric
dne
lucid
ignored
hardy
ignored
ffmpeg-extra
raring
dne
quantal
dne
precise
dne
oneiric
dne
lucid
ignored
hardy
dne
libav
raring
not-affected
quantal
Fixed 6:0.8.6-0ubuntu0.12.10.1
released
precise
Fixed 4:0.8.6-0ubuntu0.12.04.1
released
oneiric
ignored
lucid
dne
hardy
dne
libav-extra
raring
not-affected
quantal
Fixed 6:0.8.6ubuntu0.12.10.1
released
precise
Fixed 4:0.8.6ubuntu0.12.04.1
released
oneiric
ignored
lucid
dne
hardy
dne