4.3
CVE-2012-0849
- EPSS 1.5%
- Veröffentlicht 27.08.2012 23:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:22
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.5% | 0.709 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
http://ffmpeg.org/security.html
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://www.openwall.com/lists/oss-security/2012/02/01/11
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f99939a6361e2e6d6788494dd7c682b051c6c34
http://www.ffmpeg.org/trac/ffmpeg/ticket/776
https://exchange.xforce.ibmcloud.com/vulnerabilities/78935