CVE-2013-0844

Name of the Vulnerable Software and Affected Versions libav versions prior to 1.0.4

Description The issue concerns multiple vulnerabilities in the libav package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, an off-by-one error in the adpcm decode frame function in libavcodec/adpcm.c allows remote attackers to trigger an out-of-bounds array access via crafted DK4 data.

Recommendations For libav versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the adpcm decode frame function in libavcodec/adpcm.c to minimize the risk of exploitation.