CVE-2012-0854Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedAug 20
Latest updateMay 14

Description

The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDffmpeg/ffmpeg0.9+41
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-94r4-9j59-hcxh: The dpcm_decode_frame function in libavcodec/dpcm2022-05-14

📋Vendor Advisories

1
Debian
CVE-2012-0854: ffmpeg - The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does ...2012