10

CVE-2012-5144

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

Data is provided by the National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version12.10
LibavLibav Version0.8
LibavLibav Version0.8 Updatebeta2
LibavLibav Version0.8.1
LibavLibav Version0.8.2
LibavLibav Version0.8.3
LibavLibav Version0.8.4
GoogleChrome Version <= 23.0.1271.96
GoogleChrome Version23.0.1271.0
GoogleChrome Version23.0.1271.1
GoogleChrome Version23.0.1271.2
GoogleChrome Version23.0.1271.3
GoogleChrome Version23.0.1271.4
GoogleChrome Version23.0.1271.5
GoogleChrome Version23.0.1271.6
GoogleChrome Version23.0.1271.7
GoogleChrome Version23.0.1271.8
GoogleChrome Version23.0.1271.9
GoogleChrome Version23.0.1271.10
GoogleChrome Version23.0.1271.11
GoogleChrome Version23.0.1271.12
GoogleChrome Version23.0.1271.13
GoogleChrome Version23.0.1271.14
GoogleChrome Version23.0.1271.15
GoogleChrome Version23.0.1271.16
GoogleChrome Version23.0.1271.17
GoogleChrome Version23.0.1271.18
GoogleChrome Version23.0.1271.19
GoogleChrome Version23.0.1271.20
GoogleChrome Version23.0.1271.21
GoogleChrome Version23.0.1271.22
GoogleChrome Version23.0.1271.23
GoogleChrome Version23.0.1271.24
GoogleChrome Version23.0.1271.26
GoogleChrome Version23.0.1271.30
GoogleChrome Version23.0.1271.31
GoogleChrome Version23.0.1271.32
GoogleChrome Version23.0.1271.33
GoogleChrome Version23.0.1271.35
GoogleChrome Version23.0.1271.36
GoogleChrome Version23.0.1271.37
GoogleChrome Version23.0.1271.38
GoogleChrome Version23.0.1271.39
GoogleChrome Version23.0.1271.40
GoogleChrome Version23.0.1271.41
GoogleChrome Version23.0.1271.44
GoogleChrome Version23.0.1271.45
GoogleChrome Version23.0.1271.46
GoogleChrome Version23.0.1271.49
GoogleChrome Version23.0.1271.50
GoogleChrome Version23.0.1271.51
GoogleChrome Version23.0.1271.52
GoogleChrome Version23.0.1271.53
GoogleChrome Version23.0.1271.54
GoogleChrome Version23.0.1271.55
GoogleChrome Version23.0.1271.56
GoogleChrome Version23.0.1271.57
GoogleChrome Version23.0.1271.58
GoogleChrome Version23.0.1271.59
GoogleChrome Version23.0.1271.60
GoogleChrome Version23.0.1271.61
GoogleChrome Version23.0.1271.62
GoogleChrome Version23.0.1271.64
GoogleChrome Version23.0.1271.83
GoogleChrome Version23.0.1271.84
GoogleChrome Version23.0.1271.85
GoogleChrome Version23.0.1271.86
GoogleChrome Version23.0.1271.87
GoogleChrome Version23.0.1271.88
GoogleChrome Version23.0.1271.89
GoogleChrome Version23.0.1271.91
GoogleChrome Version23.0.1271.92
GoogleChrome Version23.0.1271.93
GoogleChrome Version23.0.1271.94
GoogleChrome Version23.0.1271.95
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
LibavLibav Version0.7
LibavLibav Version0.7 Updatebeta1
LibavLibav Version0.7 Updatebeta2
LibavLibav Version0.7.1
LibavLibav Version0.7.2
LibavLibav Version0.7.3
LibavLibav Version0.7.4
LibavLibav Version0.7.5
LibavLibav Version0.7.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.51% 0.864
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.