Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-0894 | First vendor Publication | 2013-02-23 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26401 | |||
Oval ID: | oval:org.mitre.oval:def:26401 | ||
Title: | Allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact | ||
Description: | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0894 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-203.nasl - Type : ACT_GATHER_INFO |
2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-16.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1790-1.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dfd92cb27d4811e2ad4800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_25_0_1364_97.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:46:25 |
|
2021-09-08 21:24:38 |
|
2021-05-05 01:13:07 |
|
2020-09-29 00:22:40 |
|
2020-09-28 21:23:02 |
|
2020-05-24 01:10:30 |
|
2020-05-23 00:36:09 |
|
2017-11-15 12:01:59 |
|
2016-06-28 19:19:33 |
|
2014-06-14 13:34:42 |
|
2014-02-17 11:16:30 |
|
2013-05-10 22:29:04 |
|
2013-04-11 13:20:59 |
|
2013-02-25 21:18:46 |
|
2013-02-24 13:22:36 |
|