CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Affected Software

Name	Vendor	Start Version	End Version
Ffmpeg	Ffmpeg	*	2.0.1 (including)
Ffmpeg	Ffmpeg	0.3 (including)	0.3 (including)
Ffmpeg	Ffmpeg	0.3.1 (including)	0.3.1 (including)
Ffmpeg	Ffmpeg	0.3.2 (including)	0.3.2 (including)
Ffmpeg	Ffmpeg	0.3.3 (including)	0.3.3 (including)
Ffmpeg	Ffmpeg	0.3.4 (including)	0.3.4 (including)
Ffmpeg	Ffmpeg	0.4.0 (including)	0.4.0 (including)
Ffmpeg	Ffmpeg	0.4.2 (including)	0.4.2 (including)
Ffmpeg	Ffmpeg	0.4.3 (including)	0.4.3 (including)
Ffmpeg	Ffmpeg	0.4.4 (including)	0.4.4 (including)
Ffmpeg	Ffmpeg	0.4.5 (including)	0.4.5 (including)
Ffmpeg	Ffmpeg	0.4.6 (including)	0.4.6 (including)
Ffmpeg	Ffmpeg	0.4.7 (including)	0.4.7 (including)
Ffmpeg	Ffmpeg	0.4.8 (including)	0.4.8 (including)
Ffmpeg	Ffmpeg	0.4.9-pre1 (including)	0.4.9-pre1 (including)
Ffmpeg	Ffmpeg	0.5 (including)	0.5 (including)
Ffmpeg	Ffmpeg	0.5.1 (including)	0.5.1 (including)
Ffmpeg	Ffmpeg	0.5.2 (including)	0.5.2 (including)
Ffmpeg	Ffmpeg	0.5.3 (including)	0.5.3 (including)
Ffmpeg	Ffmpeg	0.5.4 (including)	0.5.4 (including)
Ffmpeg	Ffmpeg	0.5.4.5 (including)	0.5.4.5 (including)
Ffmpeg	Ffmpeg	0.5.4.6 (including)	0.5.4.6 (including)
Ffmpeg	Ffmpeg	0.5.5 (including)	0.5.5 (including)
Ffmpeg	Ffmpeg	0.6 (including)	0.6 (including)
Ffmpeg	Ffmpeg	0.6.1 (including)	0.6.1 (including)
Ffmpeg	Ffmpeg	0.6.2 (including)	0.6.2 (including)
Ffmpeg	Ffmpeg	0.6.3 (including)	0.6.3 (including)
Ffmpeg	Ffmpeg	0.7 (including)	0.7 (including)
Ffmpeg	Ffmpeg	0.7.1 (including)	0.7.1 (including)
Ffmpeg	Ffmpeg	0.7.2 (including)	0.7.2 (including)
Ffmpeg	Ffmpeg	0.7.3 (including)	0.7.3 (including)
Ffmpeg	Ffmpeg	0.7.4 (including)	0.7.4 (including)
Ffmpeg	Ffmpeg	0.7.5 (including)	0.7.5 (including)
Ffmpeg	Ffmpeg	0.7.6 (including)	0.7.6 (including)
Ffmpeg	Ffmpeg	0.7.7 (including)	0.7.7 (including)
Ffmpeg	Ffmpeg	0.7.8 (including)	0.7.8 (including)
Ffmpeg	Ffmpeg	0.7.9 (including)	0.7.9 (including)
Ffmpeg	Ffmpeg	0.7.11 (including)	0.7.11 (including)
Ffmpeg	Ffmpeg	0.7.12 (including)	0.7.12 (including)
Ffmpeg	Ffmpeg	0.8.0 (including)	0.8.0 (including)
Ffmpeg	Ffmpeg	0.8.1 (including)	0.8.1 (including)
Ffmpeg	Ffmpeg	0.8.2 (including)	0.8.2 (including)
Ffmpeg	Ffmpeg	0.8.5 (including)	0.8.5 (including)
Ffmpeg	Ffmpeg	0.8.5.3 (including)	0.8.5.3 (including)
Ffmpeg	Ffmpeg	0.8.5.4 (including)	0.8.5.4 (including)
Ffmpeg	Ffmpeg	0.8.6 (including)	0.8.6 (including)
Ffmpeg	Ffmpeg	0.8.7 (including)	0.8.7 (including)
Ffmpeg	Ffmpeg	0.8.8 (including)	0.8.8 (including)
Ffmpeg	Ffmpeg	0.8.10 (including)	0.8.10 (including)
Ffmpeg	Ffmpeg	0.8.11 (including)	0.8.11 (including)
Ffmpeg	Ffmpeg	0.9 (including)	0.9 (including)
Ffmpeg	Ffmpeg	0.9.1 (including)	0.9.1 (including)
Ffmpeg	Ffmpeg	0.10 (including)	0.10 (including)
Ffmpeg	Ffmpeg	0.10.3 (including)	0.10.3 (including)
Ffmpeg	Ffmpeg	0.10.4 (including)	0.10.4 (including)
Ffmpeg	Ffmpeg	0.11 (including)	0.11 (including)
Ffmpeg	Ffmpeg	1.0 (including)	1.0 (including)
Ffmpeg	Ffmpeg	1.1.1 (including)	1.1.1 (including)
Ffmpeg	Ffmpeg	1.1.2 (including)	1.1.2 (including)
Ffmpeg	Ffmpeg	1.1.3 (including)	1.1.3 (including)
Ffmpeg	Ffmpeg	1.1.4 (including)	1.1.4 (including)
Ffmpeg	Ffmpeg	1.2 (including)	1.2 (including)
Ffmpeg	Ffmpeg	1.2.1 (including)	1.2.1 (including)
Ffmpeg	Ffmpeg	2.0 (including)	2.0 (including)
Ffmpeg	Ubuntu	lucid	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-7008
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References