CVE-2013-2276

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.1.3

Description The issue is related to the avcodec decode audio4 function in utils.c in libavcodec, which does not verify the decoding state before proceeding with certain skip operations. This allows remote attackers to cause a denial of service, such as out-of-bounds array access and application crash, or possibly have other unspecified impacts via crafted audio data.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the avcodec decode audio4 function until a patch is available.