CVE-2012-0947 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-0947 PUBLISHED CVSS 6.800000190734863 MEDIUM

Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.

EPSS 3.51% · 87.5th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

3.51%

87.5th percentile

Affected Products

Vendor	Product	Versions
libav	libav	0.8.1, 0.5, 0.5.1
n/a	n/a	n/a

Timeline

Aug 20, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 url
USN-1479-1 vendor-advisory
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3 url
49089 third-party-advisory
DSA-2471 vendor-advisory
http://libav.org/ url
53389 vdb
[oss-security] 20120503 Security issue in libav/ffmpeg mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2012-0947 advisory
http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3 url
http://libav.org url

Open in Interactive Console →