CVE-2013-7013

EUVD-2013-6814
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
ffmpegffmpeg
𝑥
≤ 2.0.1
ffmpegffmpeg
0.3
ffmpegffmpeg
0.3.1
ffmpegffmpeg
0.3.2
ffmpegffmpeg
0.3.3
ffmpegffmpeg
0.3.4
ffmpegffmpeg
0.4.0
ffmpegffmpeg
0.4.2
ffmpegffmpeg
0.4.3
ffmpegffmpeg
0.4.4
ffmpegffmpeg
0.4.5
ffmpegffmpeg
0.4.6
ffmpegffmpeg
0.4.7
ffmpegffmpeg
0.4.8
ffmpegffmpeg
0.4.9:pre1
ffmpegffmpeg
0.5
ffmpegffmpeg
0.5.1
ffmpegffmpeg
0.5.2
ffmpegffmpeg
0.5.3
ffmpegffmpeg
0.5.4
ffmpegffmpeg
0.5.4.5
ffmpegffmpeg
0.5.4.6
ffmpegffmpeg
0.5.5
ffmpegffmpeg
0.6
ffmpegffmpeg
0.6.1
ffmpegffmpeg
0.6.2
ffmpegffmpeg
0.6.3
ffmpegffmpeg
0.7
ffmpegffmpeg
0.7.1
ffmpegffmpeg
0.7.2
ffmpegffmpeg
0.7.3
ffmpegffmpeg
0.7.4
ffmpegffmpeg
0.7.5
ffmpegffmpeg
0.7.6
ffmpegffmpeg
0.7.7
ffmpegffmpeg
0.7.8
ffmpegffmpeg
0.7.9
ffmpegffmpeg
0.7.11
ffmpegffmpeg
0.7.12
ffmpegffmpeg
0.8.0
ffmpegffmpeg
0.8.1
ffmpegffmpeg
0.8.2
ffmpegffmpeg
0.8.5
ffmpegffmpeg
0.8.5.3
ffmpegffmpeg
0.8.5.4
ffmpegffmpeg
0.8.6
ffmpegffmpeg
0.8.7
ffmpegffmpeg
0.8.8
ffmpegffmpeg
0.8.10
ffmpegffmpeg
0.8.11
ffmpegffmpeg
0.9
ffmpegffmpeg
0.9.1
ffmpegffmpeg
0.10
ffmpegffmpeg
0.10.3
ffmpegffmpeg
0.10.4
ffmpegffmpeg
0.11
ffmpegffmpeg
1.0
ffmpegffmpeg
1.1.1
ffmpegffmpeg
1.1.2
ffmpegffmpeg
1.1.3
ffmpegffmpeg
1.1.4
ffmpegffmpeg
1.2
ffmpegffmpeg
1.2.1
ffmpegffmpeg
2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
lucid
ignored
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://ffmpeg.org/security.html
http://openwall.com/lists/oss-security/2013/11/26/7
http://openwall.com/lists/oss-security/2013/12/08/3
https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
https://security.gentoo.org/glsa/201603-06
https://trac.ffmpeg.org/ticket/2922
http://ffmpeg.org/security.html
http://openwall.com/lists/oss-security/2013/11/26/7
http://openwall.com/lists/oss-security/2013/12/08/3
https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
https://security.gentoo.org/glsa/201603-06
https://trac.ffmpeg.org/ticket/2922