cvelistv5 - cve-2012-0852

cve-2012-0852

Vulnerability from cvelistv5

Published

2012-08-20 18:00

Modified

2024-08-06 18:38

Severity ?

Summary

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

References

URL	Tags
secalert@redhat.com	http://ffmpeg.org/security.html
secalert@redhat.com	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
secalert@redhat.com	http://libav.org/	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2494
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/02/14/4
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1479-1
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
secalert@redhat.com	https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ffmpeg.org/security.html
af854a3a-2127-422b-91ae-364da2661108	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
af854a3a-2127-422b-91ae-364da2661108	http://libav.org/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2494
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/02/14/4
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1479-1
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
af854a3a-2127-422b-91ae-364da2661108	https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1479-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
          },
          {
            "name": "DSA-2494",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2494"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libav.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.org/security.html"
          },
          {
            "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1479-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1479-1"
        },
        {
          "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
        },
        {
          "name": "DSA-2494",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2494"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libav.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.org/security.html"
        },
        {
          "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
            },
            {
              "name": "https://ffmpeg.org/trac/ffmpeg/ticket/794",
              "refsource": "CONFIRM",
              "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
            },
            {
              "name": "DSA-2494",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2494"
            },
            {
              "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "url": "http://libav.org/"
            },
            {
              "name": "http://ffmpeg.org/security.html",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.org/security.html"
            },
            {
              "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0852",
    "datePublished": "2012-08-20T18:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0852\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-20T18:55:02.777\",\"lastModified\":\"2024-11-21T01:35:50.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n adpcm_decode_frame en adpcm.c en libavcodec de FFmpeg antes en v0.9.1 y v0.5.x antes en Libav v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y v0.8.x antes de v0.8.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo ADPCM con el n\u00famero de canales distinto a dos.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9\",\"matchCriteriaId\":\"D15FD45D-03F0-4EA0-9CEB-B7E7C62478D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07669E0E-8C4B-430E-802F-F64EEA2B5A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB7F17-F25D-4E48-8A43-F799619CE71F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA31D75-C3FB-4D89-8B2D-21372AAEB78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20E5358-826C-47A2-B39F-ED4E9213BA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26321888-E140-4F09-AAA0-7392AA7F6307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44800572-71C5-4AA1-9CB6-30AA902B0353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F428A2E4-A54F-4296-A00F-1A4E160253D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5239E4FA-0359-49F1-93D4-24AB013FAC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C8230D-4E89-45F9-B0F7-E317119E0FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585CE7D2-1CE8-44AB-AE67-07D7D3721F68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE81C339-A794-4303-B829-BE743DF0B132\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27FF9C0-652E-42E8-90D0-B9B369DD6C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F27211-2DFC-4488-93D2-9A3664E593AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6418D3A-9972-4819-B2E6-2510438698A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF17452C-ED28-4558-9C90-102DF5485103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CECEC54E-7014-447C-9174-8C2B026FF0B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BE32E4-9577-4BA7-A275-67A86DB7BCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E252038-F5E0-427F-8E59-FFD633497D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530C27CC-3250-4C94-8D88-F423FFD0BD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936C1855-67FB-49C3-A20A-3FE331403366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92EB185C-1909-4359-B0C1-681E4ABEEECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136C7881-DB5A-4018-B01F-D2F9069F53D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090BF77B-A099-4ECD-A9BC-AAD4B499F4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18053821-801F-4652-AA73-9FDC5F562BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5322AE7-8CAD-45EF-9955-37D16EBBDD40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDCA15-DF61-4150-96D7-10D68D07DAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D50C72-65B2-4490-9259-2A436207A72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BCDD63-DECF-4494-BCA7-30BFEE7055D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3260A66-B1C9-42F0-841E-63FAB009F020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4953EC2E-BCD6-41B5-AEB3-0D82C15363A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86038BA1-9B14-4F12-9D61-B106E70F855C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84A42948-6239-4DEB-8BF0-39971D60207E\"}]}]}],\"references\":[{\"url\":\"http://ffmpeg.org/security.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://libav.org/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2494\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/02/14/4\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78932\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://ffmpeg.org/trac/ffmpeg/ticket/794\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ffmpeg.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://libav.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/02/14/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ffmpeg.org/trac/ffmpeg/ticket/794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-4fmg-3w8m-vwwr

Vulnerability from github

Published

2022-05-17 01:49

Modified

2022-05-17 01:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-20T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.",
  "id": "GHSA-4fmg-3w8m-vwwr",
  "modified": "2022-05-17T01:49:43Z",
  "published": "2022-05-17T01:49:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0852"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
    },
    {
      "type": "WEB",
      "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
    },
    {
      "type": "WEB",
      "url": "http://ffmpeg.org/security.html"
    },
    {
      "type": "WEB",
      "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897"
    },
    {
      "type": "WEB",
      "url": "http://libav.org"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2494"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2012-0852

Vulnerability from fkie_nvd

Published

2012-08-20 18:55

Modified

2024-11-21 01:35

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://ffmpeg.org/security.html
secalert@redhat.com	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
secalert@redhat.com	http://libav.org/	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2494
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/02/14/4
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1479-1
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
secalert@redhat.com	https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ffmpeg.org/security.html
af854a3a-2127-422b-91ae-364da2661108	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
af854a3a-2127-422b-91ae-364da2661108	http://libav.org/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2494
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/02/14/4
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1479-1
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
af854a3a-2127-422b-91ae-364da2661108	https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	*
ffmpeg	ffmpeg	0.7.1
ffmpeg	ffmpeg	0.7.2
ffmpeg	ffmpeg	0.7.7
ffmpeg	ffmpeg	0.7.8
ffmpeg	ffmpeg	0.7.9
ffmpeg	ffmpeg	0.7.11
ffmpeg	ffmpeg	0.7.12
ffmpeg	ffmpeg	0.8.5
ffmpeg	ffmpeg	0.8.6
ffmpeg	ffmpeg	0.8.7
ffmpeg	ffmpeg	0.8.8
ffmpeg	ffmpeg	0.8.10
ffmpeg	ffmpeg	0.8.11
libav	libav	0.5
libav	libav	0.5.1
libav	libav	0.5.2
libav	libav	0.5.3
libav	libav	0.5.4
libav	libav	0.5.5
libav	libav	0.5.6
libav	libav	0.5.7
libav	libav	0.6
libav	libav	0.6.1
libav	libav	0.6.2
libav	libav	0.6.3
libav	libav	0.6.4
libav	libav	0.6.5
libav	libav	0.7
libav	libav	0.7.1
libav	libav	0.7.2
libav	libav	0.7.3
libav	libav	0.7.4
libav	libav	0.7.5
libav	libav	0.8
libav	libav	0.8
libav	libav	0.8.1
libav	libav	0.8.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D15FD45D-03F0-4EA0-9CEB-B7E7C62478D0",
              "versionEndIncluding": "0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "44800572-71C5-4AA1-9CB6-30AA902B0353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE81C339-A794-4303-B829-BE743DF0B132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F27211-2DFC-4488-93D2-9A3664E593AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6418D3A-9972-4819-B2E6-2510438698A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17452C-ED28-4558-9C90-102DF5485103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31BE32E4-9577-4BA7-A275-67A86DB7BCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E252038-F5E0-427F-8E59-FFD633497D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936C1855-67FB-49C3-A20A-3FE331403366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92EB185C-1909-4359-B0C1-681E4ABEEECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "136C7881-DB5A-4018-B01F-D2F9069F53D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BF77B-A099-4ECD-A9BC-AAD4B499F4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18053821-801F-4652-AA73-9FDC5F562BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5322AE7-8CAD-45EF-9955-37D16EBBDD40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCA15-DF61-4150-96D7-10D68D07DAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D50C72-65B2-4490-9259-2A436207A72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BCDD63-DECF-4494-BCA7-30BFEE7055D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3260A66-B1C9-42F0-841E-63FAB009F020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4953EC2E-BCD6-41B5-AEB3-0D82C15363A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86038BA1-9B14-4F12-9D61-B106E70F855C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A42948-6239-4DEB-8BF0-39971D60207E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n adpcm_decode_frame en adpcm.c en libavcodec de FFmpeg antes en v0.9.1 y v0.5.x antes en Libav v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y v0.8.x antes de v0.8.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo ADPCM con el n\u00famero de canales distinto a dos.\r\n"
    }
  ],
  "id": "CVE-2012-0852",
  "lastModified": "2024-11-21T01:35:50.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-20T18:55:02.777",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://ffmpeg.org/security.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://libav.org/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2494"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.org/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://libav.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2012-0852

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-0852

Aliases

CVE-2012-0852

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0852",
    "description": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.",
    "id": "GSD-2012-0852",
    "references": [
      "https://www.debian.org/security/2012/dsa-2494"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0852"
      ],
      "details": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.",
      "id": "GSD-2012-0852",
      "modified": "2023-12-13T01:20:13.697895Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-0852",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-1479-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
          },
          {
            "name": "https://ffmpeg.org/trac/ffmpeg/ticket/794",
            "refsource": "CONFIRM",
            "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
          },
          {
            "name": "DSA-2494",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2494"
          },
          {
            "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897",
            "refsource": "CONFIRM",
            "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897"
          },
          {
            "name": "http://libav.org/",
            "refsource": "CONFIRM",
            "url": "http://libav.org/"
          },
          {
            "name": "http://ffmpeg.org/security.html",
            "refsource": "CONFIRM",
            "url": "http://ffmpeg.org/security.html"
          },
          {
            "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0852"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://libav.org/"
            },
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "https://ffmpeg.org/trac/ffmpeg/ticket/794",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794"
            },
            {
              "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897"
            },
            {
              "name": "DSA-2494",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2494"
            },
            {
              "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
            },
            {
              "name": "http://ffmpeg.org/security.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ffmpeg.org/security.html"
            },
            {
              "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:31Z",
      "publishedDate": "2012-08-20T18:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-0852

Vulnerability from cvelistv5

ghsa-4fmg-3w8m-vwwr

Vulnerability from github

fkie_cve-2012-0852

Vulnerability from fkie_nvd

gsd-2012-0852

Vulnerability from gsd

Tags

Sightings

Nomenclature