CVEs-PoC/2013/CVE-2013-2277.md

CVE-2013-2277

Description

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.

POC

Reference

• http://www.ubuntu.com/usn/USN-1790-1

Github

No PoCs found on GitHub currently.