2.6

CVE-2012-6618

Exploit
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version <= 1.0.1
FfmpegFfmpeg Version1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.58% 0.723
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.ffmpeg.org/security.html
http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v9.11
http://secunia.com/advisories/51964
Vendor Advisory
http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
https://trac.ffmpeg.org/ticket/1991
Exploit