CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
86.5%
Heap-based buffer overflow in the ws_snd_decode_frame function in
libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a
denial of service (application crash) via a crafted media file, related to
an incorrect calculation, aka “wrong samples count.”
Author | Note |
---|---|
jdstrand | per upstream, “Simple case of amount written and check mismatching” |
mdeslaur | code is different in ffmpeg 0.5.x and libav 0.6.x, probably not vulnerable |