PT-2013-1094 · Debian+1 · Libav+1

Published: 2013-11-23 · Updated: 2014-01-28 · CVE-2013-0854

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libav versions prior to the fixed version

Description: The issue concerns multiple vulnerabilities in the libav package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg is affected, allowing remote attackers to have an impact via crafted MJPEG data.

Recommendations: For versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting access to the mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-03049
CVE-2013-0854
DSA-2793-1

Affected Products

FFmpeg
Libav