CVE-2012-5144 — HIGH (10.0)

Q: How severe is CVE-2012-5144?

CVE-2012-5144 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-5144?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Libav Libav, Google Chrome, Opensuse Opensuse.

Vulnerability Description

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	11.10
Libav	Libav	0.8
Google	Chrome	<= 23.0.1271.96
Opensuse	Opensuse	12.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2012-5144?

CVE-2012-5144 is a vulnerability with a CVSS score of 10.0 (HIGH). Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory c...

How severe is CVE-2012-5144?

CVE-2012-5144 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5144?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Libav Libav, Google Chrome, Opensuse Opensuse.