Out-of-bounds array access and application crash vulnerability in FFmpeg's avcodec_decode_audio4 function

Out-of-bounds array access and application crash vulnerability in FFmpeg's avcodec_decode_audio4 function

CVE-2013-2276 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.

Learn more about our Web Application Penetration Testing UK.