Published: 10/09/2012 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg prior to 0.11 and Libav 0.8.x prior to 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.2
libav libav 0.8
libav libav 0.8.1
libav libav 0.8.2
libav libav 0.8.3
libav libav 0.8.4

Libav could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #688847 libav: multiple CVEs in ffmpeg/libav Package: src:libav; Maintainer for src:libav is Debian Multimedia Maintainers <pkg-multimedia-maintainers@listsaliothdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 26 Sep 2012 08:27:01 UTC Severity: grave Tags: securit ...

Debian Bug report logs - #694483 CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361 Package: src:libav; Maintainer for src:libav is Debian Multimedia Maintainers <pkg-multimedia-maintainers@listsaliothdebianorg>; Reported by: Arne Wichmann <aw@linuxde> Date: Mon, 26 Nov 2012 19:42:01 UTC Severity: grav ...

Debian Bug report logs - #688849 ffmpeg/squeeze/stable: multiple CVEs that need further investigation Package: src:ffmpeg; Maintainer for src:ffmpeg is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 26 Sep 2012 08:27:01 UTC Severity: g ...

NVD-CWE-noinfo http://www.openwall.com/lists/oss-security/2012/09/02/4 http://libav.org/releases/libav-0.8.5.changelog http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=cca9528524c7a4b91451f4322bd50849af5d057e http://www.securityfocus.com/bid/55355 http://www.openwall.com/lists/oss-security/2012/08/31/3 http://ffmpeg.org/security.html http://www.ubuntu.com/usn/USN-1705-1 http://secunia.com/advisories/50468 https://usn.ubuntu.com/1705-1/https://nvd.nist.gov

CVE-2012-2797

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect