6.8

CVE-2012-0858

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version0.7.1
FfmpegFfmpeg Version0.7.2
FfmpegFfmpeg Version0.7.6
FfmpegFfmpeg Version0.7.7
FfmpegFfmpeg Version0.7.8
FfmpegFfmpeg Version0.7.9
FfmpegFfmpeg Version0.7.11
FfmpegFfmpeg Version0.8.5
FfmpegFfmpeg Version0.8.6
FfmpegFfmpeg Version0.8.7
FfmpegFfmpeg Version0.8.8
FfmpegFfmpeg Version0.8.10
LibavLibav Version0.5
LibavLibav Version0.5.1
LibavLibav Version0.5.2
LibavLibav Version0.5.3
LibavLibav Version0.5.4
LibavLibav Version0.5.5
LibavLibav Version0.5.6
LibavLibav Version0.5.7
LibavLibav Version0.6
LibavLibav Version0.6.1
LibavLibav Version0.6.2
LibavLibav Version0.6.3
LibavLibav Version0.6.4
LibavLibav Version0.6.5
LibavLibav Version0.7
LibavLibav Version0.7.1
LibavLibav Version0.7.2
LibavLibav Version0.7.3
LibavLibav Version0.7.4
LibavLibav Version0.8
LibavLibav Version0.8 Updatebeta2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.34% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://ffmpeg.org/
Vendor Advisory
http://libav.org/
Vendor Advisory
http://www.ubuntu.com/usn/USN-1479-1
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98