CVE Vulnerabilities

CVE-2012-0858

Published: Aug 20, 2012 | Modified: Aug 21, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an invalid free.

Affected Software

Name Vendor Start Version End Version
Ffmpeg Ffmpeg 0.7.1 0.7.1
Ffmpeg Ffmpeg 0.7.2 0.7.2
Ffmpeg Ffmpeg 0.7.6 0.7.6
Ffmpeg Ffmpeg 0.7.7 0.7.7
Ffmpeg Ffmpeg 0.7.8 0.7.8
Ffmpeg Ffmpeg 0.7.9 0.7.9
Ffmpeg Ffmpeg 0.7.11 0.7.11
Ffmpeg Ubuntu hardy *
Ffmpeg Ubuntu lucid *
Ffmpeg Ubuntu maverick *
Ffmpeg-extra Ubuntu lucid *
Ffmpeg-extra Ubuntu maverick *
Libav Ubuntu natty *
Libav Ubuntu oneiric *
Libav Ubuntu upstream *
Libav-extra Ubuntu natty *
Libav-extra Ubuntu oneiric *

References