CVE-2013-0854

Name of the Vulnerable Software and Affected Versions libav versions prior to the fixed version

Description The issue concerns multiple vulnerabilities in the libav package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the mjpeg decode scan progressive ac function in libavcodec/mjpegdec.c in FFmpeg is affected, allowing remote attackers to have an impact via crafted MJPEG data.

Recommendations For versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting access to the mjpeg decode scan progressive ac function in libavcodec/mjpegdec.c until a patch is available.