CVE-2013-0858

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.0.4

Description The issue allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. Multiple vulnerabilities in the libav package may lead to disruption of confidentiality, integrity, and availability of protected information, and exploitation can be done remotely.

Recommendations For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the atrac3 decode init function until a patch is available. Restrict access to ATRAC3 data with the joint stereo coding mode set and fewer than two channels to minimize the risk of exploitation.