CVE-2012-0851

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0851
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://ffmpeg.org/security.html
http://ffmpeg.org/trac/ffmpeg/ticket/758 Vendor Advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fff64e00d886fde11d61958888c82b461cf99b9
http://libav.org/ Vendor Advisory
http://www.debian.org/security/2012/dsa-2494
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://www.ubuntu.com/usn/USN-1479-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78933
http://ffmpeg.org/security.html
http://ffmpeg.org/trac/ffmpeg/ticket/758 Vendor Advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fff64e00d886fde11d61958888c82b461cf99b9
http://libav.org/ Vendor Advisory
http://www.debian.org/security/2012/dsa-2494
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://www.ubuntu.com/usn/USN-1479-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78933
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*
History

21 Nov 2024, 01:35

Type Values Removed Values Added
References () http://ffmpeg.org/security.html - () http://ffmpeg.org/security.html -
References () http://ffmpeg.org/trac/ffmpeg/ticket/758 - Vendor Advisory () http://ffmpeg.org/trac/ffmpeg/ticket/758 - Vendor Advisory
References () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fff64e00d886fde11d61958888c82b461cf99b9 - () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fff64e00d886fde11d61958888c82b461cf99b9 -
References () http://libav.org/ - Vendor Advisory () http://libav.org/ - Vendor Advisory
References () http://www.debian.org/security/2012/dsa-2494 - () http://www.debian.org/security/2012/dsa-2494 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 - () http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 -
References () http://www.openwall.com/lists/oss-security/2012/02/14/4 - () http://www.openwall.com/lists/oss-security/2012/02/14/4 -
References () http://www.ubuntu.com/usn/USN-1479-1 - () http://www.ubuntu.com/usn/USN-1479-1 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/78933 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/78933 -

07 Nov 2023, 02:10

Type Values Removed Values Added
References
  • {'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fff64e00d886fde11d61958888c82b461cf99b9', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fff64e00d886fde11d61958888c82b461cf99b9', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7fff64e00d886fde11d61958888c82b461cf99b9 -
Information

Published : 2012-08-20 18:55

Updated : 2024-11-21 01:35

NVD link : CVE-2012-0851

Mitre link : CVE-2012-0851

CVE.ORG link : CVE-2012-0851

JSON object : View

Products Affected

libav

  • libav

ffmpeg

  • ffmpeg
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024