VDB
CVE-2012-0852
CVE-2012-0852
PUBLISHED
CVSS 6.800000190734863 MEDIUM
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
EPSS 2.28% · 85.0th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.28%
85.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ffmpeg | ffmpeg | 0.8.6, 0.7.8, 0.8.11 |
| libav | libav | 0.7.4, 0.7.5, 0.8 |
| n/a | n/a | n/a |
Exploit Intelligence
- USN-1479-1 (circl)
- [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 (circl)
- https://ffmpeg.org/trac/ffmpeg/ticket/794 (circl)
- DSA-2494 (circl)
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 (circl)
- http://libav.org/ (circl)
- http://ffmpeg.org/security.html (circl)
- ffmpeg-adpcmdecodeframe-code-exec(78932) (circl)
Timeline
- Aug 20, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- USN-1479-1 vendor-advisory
- [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 mailing-list
- https://ffmpeg.org/trac/ffmpeg/ticket/794 url
- DSA-2494 vendor-advisory
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 url
- http://libav.org/ url
- http://ffmpeg.org/security.html url
- ffmpeg-adpcmdecodeframe-code-exec(78932) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-0852 advisory
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897 url
- http://libav.org url