Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0859

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-0859
Last Modified 29 Jan 2013 11:47:34
Published 20 Aug 2012 02:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0859

Summary

The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.

Vulnerable Systems

Application

  • Ffmpeg 0.7.1

  • Ffmpeg 0.7.11

  • Ffmpeg 0.7.12

  • Ffmpeg 0.7.2

  • Ffmpeg 0.7.7

  • Ffmpeg 0.7.8

  • Ffmpeg 0.7.9

  • Ffmpeg 0.8.10

  • Ffmpeg 0.8.11

  • Ffmpeg 0.8.5

  • Ffmpeg 0.8.6

  • Ffmpeg 0.8.7

  • Ffmpeg 0.8.8

  • Ffmpeg 0.9


References

UBUNTU - USN-1479-1

MLIST - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1

CONFIRM - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2

XF - ffmpeg-renderline-code-exec(78925)

CONFIRM - http://ffmpeg.org/security.html


Last Updated: 27 May 2016 10:49:40