CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
80.1%
Heap-based buffer overflow in the avfilter_filter_samples function in
libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to
cause a denial of service (application crash) via a crafted media file.
Author | Note |
---|---|
jdstrand | per upstream, “Simple case of missing check, there wasnt much using the audio filters so this probably is not practically exploitable” |
mdeslaur | code not present in ffmpeg 0.5.x code is different in libav, doesn’t appear vulnerable. |