Vulnerability Description
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 1.0.1 |
Related Weaknesses (CWE)
References
- http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233
- http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v9.11
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e74cd2f4706f71da5e9205003c1
- http://secunia.com/advisories/51964Vendor Advisory
- http://www.ffmpeg.org/security.html
- https://trac.ffmpeg.org/ticket/1991Exploit
- http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233
- http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v9.11
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e74cd2f4706f71da5e9205003c1
- http://secunia.com/advisories/51964Vendor Advisory
- http://www.ffmpeg.org/security.html
- https://trac.ffmpeg.org/ticket/1991Exploit
FAQ
What is CVE-2012-6618?
CVE-2012-6618 is a vulnerability with a CVSS score of 2.6 (LOW). The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafte...
How severe is CVE-2012-6618?
CVE-2012-6618 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6618?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.