CVE-2013-0866
Publication date 23 November 2013
Last updated 24 July 2024
Ubuntu priority
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.
Status
Package | Ubuntu Release | Status |
---|---|---|
ffmpeg | ||
ffmpeg-extra | ||
libav | ||
libav-extra | ||
Notes
mdeslaur
libav and ffmpeg codebases have diverged to the point of not being able to track both using the same CVE numbers. Marking this CVE as not-affected for libav.