CVE-2013-3674 - Vulnerability Details - OpenCVE

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01113.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffmpeg Subscribe	Ffmpeg Subscribe

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-3003-1	libav security update
EUVD	EUVD-2013-3607	The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ad002e1a13a8df934bd6cb2c84175a4780ab8942
http://www.mandriva.com/security/advisories?name=MDVSA-2014:227

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-06-10T01:00:00

Updated: 2024-08-06T16:14:56.615Z

Reserved: 2013-05-24T00:00:00

Link: CVE-2013-3674

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-06-10T03:19:55.033

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-3674

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-19T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDVSA-2014:227", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ffmpeg.org/security.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ad002e1a13a8df934bd6cb2c84175a4780ab8942"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3674", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2014:227", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"}, {"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd"}, {"name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html"}, {"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.615Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2014:227", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ffmpeg.org/security.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ad002e1a13a8df934bd6cb2c84175a4780ab8942"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3674", "datePublished": "2013-06-10T01:00:00", "dateReserved": "2013-05-24T00:00:00", "dateUpdated": "2024-08-06T16:14:56.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E8BEE8-8F91-42D7-962D-27DCAD41CFC6", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data."}, {"lang": "es", "value": "La funci\u00f3n cdg_decode_frame en cdgraphics.c en libavcodec en FFmpeg anterior a 1.2.1 no valida la presencia de datos non-header en el b\u00fafer, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de rango, y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de datos manipulados del tipo CD Graphics Video."}], "id": "CVE-2013-3674", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-10T03:19:55.033", "references": [{"source": "cve@mitre.org", "url": "http://ffmpeg.org/security.html"}, {"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd"}, {"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ad002e1a13a8df934bd6cb2c84175a4780ab8942"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ffmpeg.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ad002e1a13a8df934bd6cb2c84175a4780ab8942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}