Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-0858
Last Modified 21 Aug 2012 10:41:36
Published 20 Aug 2012 02:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0858

Summary

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".

Vulnerable Systems

Application

  • FFmpeg 0.7.1

  • FFmpeg 0.7.11

  • FFmpeg 0.7.2

  • FFmpeg 0.7.6

  • FFmpeg 0.7.7

  • FFmpeg 0.7.8

  • FFmpeg 0.7.9

  • FFmpeg 0.8.10

  • FFmpeg 0.8.5

  • FFmpeg 0.8.6

  • FFmpeg 0.8.7

  • FFmpeg 0.8.8

  • Libav 0.5

  • Libav 0.5.1

  • Libav 0.5.2

  • Libav 0.5.3

  • Libav 0.5.4

  • Libav 0.5.5

  • Libav 0.5.6

  • Libav 0.5.7

  • Libav 0.6

  • Libav 0.6.1

  • Libav 0.6.2

  • Libav 0.6.3

  • Libav 0.6.4

  • Libav 0.6.5

  • Libav 0.7

  • Libav 0.7.1

  • Libav 0.7.2

  • Libav 0.7.3

  • Libav 0.7.4

  • Libav 0.8


References

UBUNTU - USN-1479-1

MLIST - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1

CONFIRM - http://libav.org/

CONFIRM - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98

CONFIRM - http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98

CONFIRM - http://ffmpeg.org/


Last Updated: 27 May 2016 10:57:36