CVE-2013-0868

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.1.2

Description The issue is related to an out-of-bounds write in the libavcodec/huffyuvdec.c file, which can be triggered by crafted Huffyuv data. This is also related to unchecked return codes from the init vlc function and cases where len==0.

Recommendations For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of Huffyuv decoding to minimize the risk of exploitation.