CVE-2012-0855Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedAug 27
Latest updateMay 14

Description

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDffmpeg/ffmpeg0.9+41
debiandebian/ffmpeg

🔴Vulnerability Details

1
GHSA
GHSA-6c24-f7cf-r9w9: Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k2022-05-14

📋Vendor Advisories

1
Debian
CVE-2012-0855: ffmpeg - Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in...2012