CVE-2012-6618 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

2.6LOWNVD

EPSS

1.0%

top 22.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedDec 24

Latest updateMay 17

Description

The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg1.0.1+1

🔴Vulnerability Details

GHSA

GHSA-c3mp-24r8-cfj3: The av_probe_input_buffer function in libavformat/utils↗2022-05-17

▶

OSV

CVE-2012-6618: The av_probe_input_buffer function in libavformat/utils↗2013-12-24

▶

💥Exploits & PoCs

Exploit-DB

Juniper Junos J-Web - Privilege Escalation↗2013-11-12

▶

📋Vendor Advisories

Debian

CVE-2012-6618: ffmpeg - The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2...↗2012

▶