Launchpad.net

CVE 2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Related bugs and status

CVE-2013-7020 (Candidate) is related to these bugs:

Bug #1370175: Libav security fixes Sept 2014

		In	Importance	Status
1370175	Libav security fixes Sept 2014	libav (Ubuntu)	High	Fix Released
1370175	Libav security fixes Sept 2014	libav (Ubuntu Trusty)	High	Fix Released
1370175	Libav security fixes Sept 2014	libav (Ubuntu Precise)	High	Fix Released
1370175	Libav security fixes Sept 2014	libav (Ubuntu Utopic)	High	Won't Fix

Bug #1432610: Libav security fixes March 2015

		In	Importance	Status
1432610	Libav security fixes March 2015	libav (Ubuntu Precise)	High	Fix Released
1432610	Libav security fixes March 2015	libav (Ubuntu Vivid)	High	Confirmed
1432610	Libav security fixes March 2015	libav (Ubuntu Utopic)	High	Won't Fix
1432610	Libav security fixes March 2015	libav (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-7020

Related bugs and status

Related bugs

References