CVE-2012-0849Ffmpeg vulnerability

CWE-1894 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 23.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedAug 27
Latest updateMay 14

Description

Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDffmpeg/ffmpeg0.9+41
debiandebian/ffmpeg

Patches

Patch: www.ffmpeg.orgPatch: www.ffmpeg.org

🔴Vulnerability Details

1
GHSA
GHSA-cmgq-gqwf-mjfw: Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt2022-05-14

📋Vendor Advisories

1
Debian
CVE-2012-0849: ffmpeg - Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmp...2012

📄Research Papers

1
arXiv
Towards Making Deep Learning-based Vulnerability Detectors Robust2021-08-04