CVE-2012-0852
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.8/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://libav.org/
- http://www.ubuntu.com/usn/USN-1479-1
- https://ffmpeg.org/trac/ffmpeg/ticket/794
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c89
- http://www.debian.org/security/2012/dsa-2494
- http://www.openwall.com/lists/oss-security/2012/02/14/4
- http://ffmpeg.org/security.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
Get started for free to scan for vulnerabilites.
Download Mageni. It is free to get started and can be installed in Windows, macOS and Linux.