CVE-2013-2277

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.1.3

Description The issue is related to the ff h264 decode seq parameter set function in h264 ps.c in libavcodec. It does not validate the relationship between luma depth and chroma depth, allowing remote attackers to cause a denial of service, such as out-of-bounds array access and application crash, via crafted H.264 data.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted H.264 data to minimize the risk of exploitation.