CVE-2013-3671

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.2.1

Description The issue allows remote attackers to cause a denial of service, resulting in an invalid pointer dereference and application crash, via crafted data that triggers a log message. This is due to the format line function in log.c in libavutil using inapplicable offset data during a certain category calculation.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the input data to prevent triggering of the log message that causes the crash.