CVE-2012-6617 — Ffmpeg vulnerability

6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedDec 24

Latest updateMay 17

Description

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDffmpeg/ffmpeg1.0.1+1

▶debiandebian/ffmpeg

🔴Vulnerability Details

GHSA

GHSA-5p79-rx54-3929: The prepare_sdp_description function in ffserver↗2022-05-17

▶

OSV

CVE-2012-6617: The prepare_sdp_description function in ffserver↗2013-12-24

▶

📋Vendor Advisories

Red Hat

qffmpeg/ffmpeg-spice: DoS via vectors related to the rtp format in ffserver.c↗2012-12-10

▶

Debian

CVE-2012-6617: ffmpeg - The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows...↗2012

▶

💬Community

Bugzilla

CVE-2012-6617 qffmpeg/ffmpeg-spice: DoS via vectors related to the rtp format in ffserver.c↗2013-12-26

▶