Vulnerability Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FFmpeg | FFmpeg | <= 0.9 |
| Libav | Libav | 0.5 |
Related Weaknesses (CWE)
References
- http://ffmpeg.org/security.html
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c
- http://libav.org/ (Vendor Advisory)
- http://www.debian.org/security/2012/dsa-2494
- http://www.openwall.com/lists/oss-security/2012/02/14/4
- http://www.ubuntu.com/usn/USN-1479-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
- https://ffmpeg.org/trac/ffmpeg/ticket/794 (Vendor Advisory)
FAQ
What is CVE-2012-0852?
CVE-2012-0852 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers ...
How severe is CVE-2012-0852?
CVE-2012-0852 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-0852?
Check the references section above for vendor advisories and patch information. Affected products include: FFmpeg FFmpeg, Libav Libav.