CVE-2012-0852

2012-02-1400:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.022

Percentile

89.5%

JSON

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before
0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via an
ADPCM file with the number of channels not equal to two.

Bugs

<https://ffmpeg.org/trac/ffmpeg/ticket/794>

Notes

Author	Note
mdeslaur	as of 2012-05-22, no equivalent fix in libav as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ffmpeg	< 4:0.5.9-0ubuntu0.10.04.1	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.6-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	libav	< 4:0.7.6-0ubuntu0.11.10.1	UNKNOWN