6.8
CVE-2012-0947
- EPSS 4.69%
- Veröffentlicht 20.08.2012 18:55:02
- Zuletzt bearbeitet 16.06.2026 23:38:33
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.69% | 0.906 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/49089
http://www.debian.org/security/2012/dsa-2471
http://libav.org/
http://www.ubuntu.com/usn/USN-1479-1
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3
http://www.openwall.com/lists/oss-security/2012/05/03/4
http://www.securityfocus.com/bid/53389
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963