Published: 10/09/2012 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg prior to 0.11 and Libav 0.8.x prior to 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.2
libav libav 0.8
libav libav 0.8.1
libav libav 0.8.2
libav libav 0.8.3

Libav could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #688847 libav: multiple CVEs in ffmpeg/libav Package: src:libav; Maintainer for src:libav is Debian Multimedia Maintainers <pkg-multimedia-maintainers@listsaliothdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 26 Sep 2012 08:27:01 UTC Severity: grave Tags: securit ...

Debian Bug report logs - #688849 ffmpeg/squeeze/stable: multiple CVEs that need further investigation Package: src:ffmpeg; Maintainer for src:ffmpeg is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 26 Sep 2012 08:27:01 UTC Severity: g ...

NVD-CWE-noinfo http://www.openwall.com/lists/oss-security/2012/09/02/4 http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5e59a77cec804a9b44c60ea22c17beba6453ef23 http://libav.org/releases/libav-0.8.4.changelog http://www.securityfocus.com/bid/55355 http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 http://www.openwall.com/lists/oss-security/2012/08/31/3 http://ffmpeg.org/security.html http://secunia.com/advisories/50468 http://secunia.com/advisories/51257 https://usn.ubuntu.com/1630-1/https://nvd.nist.gov

CVE-2012-2796

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect