CVE-2013-3672

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.2.1

Description The issue is related to the mm decode inter function in mmvideo.c in libavcodec, which does not validate the relationship between a horizontal coordinate and a width value. This allows remote attackers to cause a denial of service, resulting in out-of-bounds array access and application crash, via crafted American Laser Games (ALG) MM Video data.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of ALG MM Video data to minimize the risk of exploitation.