VDB

DEBIAN-CVE-2013-0860

DEBIAN-CVE-2013-0860 PUBLISHED

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

Affected Products

VendorProductVersions
Debian:14ffmpeg0, 0, 0
Debian:12ffmpeg0, 0, 0
Debian:11ffmpeg0, 0, 0
Debian:13ffmpeg0, 0, 0

Timeline

  • Nov 23, 2013 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›