CVE-2013-3675

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.2.1

Description The issue is related to the process frame obj function in sanm.c within the libavcodec component of FFmpeg. This function does not validate width and height values, allowing remote attackers to cause a denial of service through integer overflow, out-of-bounds array access, and application crash by providing crafted LucasArts Smush video data.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of LucasArts Smush video data until the update is applied.