CVE-2012-2882 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 21.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse Debian Ffmpeg

Timeline

PublishedSep 26

Latest updateMay 14

Description

FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDgoogle/chrome22.0.1229.78+52

▶debiandebian/ffmpeg

▶NVDopensuse/opensuse12.1, 12.2+1

🔴Vulnerability Details

GHSA

GHSA-v74m-g9cg-8p42: FFmpeg, as used in Google Chrome before 22↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2012-2882: ffmpeg - FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle O...↗2012

▶