CVE-2013-0899

NameCVE-2013-0899
DescriptionInteger overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs704870

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie, jessie (lts)57.0.2987.98-1~deb8u1fixed
stretch (security), stretch (lts), stretch71.0.3578.80-1~deb9u1fixed
opus (PTS)jessie1.1-2fixed
stretch1.2~alpha2-1fixed
buster1.3-1fixed
bullseye1.3.1-0.1fixed
bookworm1.3.1-3fixed
sid, trixie1.5.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersource(unstable)25.0.1364.97-1
opussource(unstable)0.9.14+20120615-1+nmu1704870
Search for package or bug name: Reporting problems