CVE-2013-0899

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://codereview.chromium.org/11575026	Patch Issue Tracking
https://src.chromium.org/viewvc/chrome?view=rev&revision=173498	Patch Issue Tracking
https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498	Patch Issue Tracking
http://opus-codec.org/downloads/	Patch
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html	Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=160480	Patch Issue Tracking
http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16027

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:google:chrome:25.0.1364.92:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.91:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.88:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.87:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.79:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.78:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.68:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.67:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.57:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.56:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.49:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.48:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.40:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.39:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.32:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.31:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.24:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.23:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.15:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.14:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.7:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.5:::::::*
	cpe:2.3:a:opus-codec:opus::::::::
	cpe:2.3:a:google:chrome:25.0.1364.90:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.89:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.81:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.80:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.73:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.72:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.70:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.61:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.58:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.51:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.50:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.43:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.42:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.41:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.34:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.33:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.26:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.25:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.17:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.16:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.9:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.8:::::::*
	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:opus-codec:opus:1.0.0:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.84:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.82:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.75:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.74:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.63:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.62:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.53:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.52:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.45:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.44:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.36:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.35:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.28:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.27:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.20:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.19:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.18:::::::*
cpe:2.3:a:google:chrome:25.0.1364.11:::::::*
cpe:2.3:a:google:chrome:25.0.1364.10:::::::*
cpe:2.3:a:google:chrome:25.0.1364.1:::::::*
cpe:2.3:a:google:chrome:25.0.1364.0:::::::*
cpe:2.3:a:google:chrome:25.0.1364.93:::::::*
cpe:2.3:a:google:chrome:25.0.1364.86:::::::*
cpe:2.3:a:google:chrome:25.0.1364.85:::::::*
cpe:2.3:a:google:chrome:25.0.1364.77:::::::*
cpe:2.3:a:google:chrome:25.0.1364.76:::::::*
cpe:2.3:a:google:chrome:25.0.1364.66:::::::*
cpe:2.3:a:google:chrome:25.0.1364.65:::::::*
cpe:2.3:a:google:chrome:25.0.1364.55:::::::*
cpe:2.3:a:google:chrome:25.0.1364.54:::::::*
cpe:2.3:a:google:chrome:25.0.1364.47:::::::*
cpe:2.3:a:google:chrome:25.0.1364.46:::::::*
cpe:2.3:a:google:chrome:25.0.1364.38:::::::*
cpe:2.3:a:google:chrome:25.0.1364.37:::::::*
cpe:2.3:a:google:chrome:25.0.1364.30:::::::*
cpe:2.3:a:google:chrome:25.0.1364.29:::::::*
cpe:2.3:a:google:chrome:25.0.1364.22:::::::*
cpe:2.3:a:google:chrome:25.0.1364.21:::::::*
cpe:2.3:a:google:chrome:25.0.1364.13:::::::*
cpe:2.3:a:google:chrome:25.0.1364.12:::::::*
cpe:2.3:a:google:chrome:25.0.1364.3:::::::*
cpe:2.3:a:google:chrome:25.0.1364.2:::::::*

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:google:chrome:25.0.1364.35:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.36:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.43:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.44:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.52:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.51:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.50:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.61:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.58:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.1:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.2:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.11:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.12:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.13:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.19:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.22:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.27:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.30:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.68:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.70:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.37:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.38:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.45:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.46:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.53:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.62:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.63:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.0:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.9:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.10:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.17:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.20:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.25:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.28:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.75:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.76:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.77:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.85:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.86:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.93:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.88:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.39:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.40:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.47:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.48:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.55:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.54:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.66:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.65:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.7:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.8:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.16:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.18:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.23:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.26:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.31:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.74:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.82:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.84:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.92:::::::*
	cpe:2.3:a:google:chrome:25.0.1364.91:::::::*
	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:opus-codec:opus:1.0.0:::::::*
	cpe:2.3:a:opus-codec:opus::::::::
cpe:2.3:a:google:chrome:25.0.1364.78:::::::*
cpe:2.3:a:google:chrome:25.0.1364.79:::::::*
cpe:2.3:a:google:chrome:25.0.1364.87:::::::*
cpe:2.3:a:google:chrome:25.0.1364.90:::::::*
cpe:2.3:a:google:chrome:25.0.1364.33:::::::*
cpe:2.3:a:google:chrome:25.0.1364.34:::::::*
cpe:2.3:a:google:chrome:25.0.1364.41:::::::*
cpe:2.3:a:google:chrome:25.0.1364.42:::::::*
cpe:2.3:a:google:chrome:25.0.1364.49:::::::*
cpe:2.3:a:google:chrome:25.0.1364.56:::::::*
cpe:2.3:a:google:chrome:25.0.1364.57:::::::*
cpe:2.3:a:google:chrome:25.0.1364.67:::::::*
cpe:2.3:a:google:chrome:25.0.1364.3:::::::*
cpe:2.3:a:google:chrome:25.0.1364.5:::::::*
cpe:2.3:a:google:chrome:25.0.1364.14:::::::*
cpe:2.3:a:google:chrome:25.0.1364.15:::::::*
cpe:2.3:a:google:chrome:25.0.1364.21:::::::*
cpe:2.3:a:google:chrome:25.0.1364.24:::::::*
cpe:2.3:a:google:chrome:25.0.1364.29:::::::*
cpe:2.3:a:google:chrome:25.0.1364.32:::::::*
cpe:2.3:a:google:chrome:25.0.1364.72:::::::*
cpe:2.3:a:google:chrome:25.0.1364.73:::::::*
cpe:2.3:a:google:chrome:25.0.1364.80:::::::*
cpe:2.3:a:google:chrome:25.0.1364.81:::::::*
cpe:2.3:a:google:chrome:25.0.1364.89:::::::*
cpe:2.3:a:google:chrome:25.0.1364.95:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2013-02-23 21:55

Updated : 2018-10-30 16:27

NVD link : CVE-2013-0899

Mitre link : CVE-2013-0899

JSON object : View

Products Affected

opensuse

opensuse

apple

mac_os_x

google

chrome

opus-codec

opus

linux

linux_kernel

microsoft

windows

CWE

CWE-189

Numeric Errors

5.0 /10