ID CVE-2012-0858
Summary The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
References
Vulnerable Configurations
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*
    cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 21-08-2012 - 14:41)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm
mlist [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1
ubuntu USN-1479-1
Last major update 21-08-2012 - 14:41
Published 20-08-2012 - 18:55
Last modified 21-08-2012 - 14:41
Back to Top