PT-2013-2695 · Google+1 · Google Chrome+1

Published

2013-02-21

Updated

2024-06-15

CVE-2013-0899

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Opus versions prior to 1.0.2 Google Chrome versions prior to 25.0.1364.97 on Windows and Linux Google Chrome versions prior to 25.0.1364.99 on Mac OS X

Description The issue is related to an integer overflow in the padding implementation in the opus packet parse impl function. This allows remote attackers to cause a denial of service through an out-of-bounds read by sending a long packet.

Recommendations For Opus versions prior to 1.0.2, update to version 1.0.2 or later. For Google Chrome versions prior to 25.0.1364.97 on Windows and Linux, update to version 25.0.1364.97 or later. For Google Chrome versions prior to 25.0.1364.99 on Mac OS X, update to version 25.0.1364.99 or later.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2013-0899

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

Affected Products

Google Chrome

Opus

PT-2013-2695 · Google+1 · Google Chrome+1

CVE-2013-0899

Weakness Enumeration

Related Identifiers

Affected Products

References · 2348