CVE-2013-0894

Name of the Vulnerable Software and Affected Versions FFmpeg versions through 1.1.3 libavcodec versions through 1.1.3 Google Chrome versions before 25.0.1364.97 on Windows and Linux Google Chrome versions before 25.0.1364.99 on Mac OS X

Description The issue is related to a buffer overflow in the vorbis parse setup hdr floors function in the Vorbis decoder. This can be exploited by remote attackers to cause a denial of service, such as a divide-by-zero error or out-of-bounds array access, via vectors involving a zero value for a bark map size.

Recommendations For FFmpeg versions through 1.1.3, update to a version later than 1.1.3 to resolve the issue. For libavcodec versions through 1.1.3, update to a version later than 1.1.3 to resolve the issue. For Google Chrome versions before 25.0.1364.97 on Windows and Linux, update to version 25.0.1364.97 or later to resolve the issue. For Google Chrome versions before 25.0.1364.99 on Mac OS X, update to version 25.0.1364.99 or later to resolve the issue.