CVE-2012-0852

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
http://libav.org/	Vendor Advisory
http://www.debian.org/security/2012/dsa-2494
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://www.ubuntu.com/usn/USN-1479-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory
http://ffmpeg.org/security.html
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
http://libav.org/	Vendor Advisory
http://www.debian.org/security/2012/dsa-2494
http://www.openwall.com/lists/oss-security/2012/02/14/4
http://www.ubuntu.com/usn/USN-1479-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
https://ffmpeg.org/trac/ffmpeg/ticket/794	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:libav:libav:0.5:::::::*
	cpe:2.3:a:libav:libav:0.5.1:::::::*
	cpe:2.3:a:libav:libav:0.5.2:::::::*
	cpe:2.3:a:libav:libav:0.5.3:::::::*
	cpe:2.3:a:libav:libav:0.5.4:::::::*
	cpe:2.3:a:libav:libav:0.5.5:::::::*
	cpe:2.3:a:libav:libav:0.5.6:::::::*
	cpe:2.3:a:libav:libav:0.5.7:::::::*
	cpe:2.3:a:libav:libav:0.6:::::::*
	cpe:2.3:a:libav:libav:0.6.1:::::::*
	cpe:2.3:a:libav:libav:0.6.2:::::::*
	cpe:2.3:a:libav:libav:0.6.3:::::::*
	cpe:2.3:a:libav:libav:0.6.4:::::::*
	cpe:2.3:a:libav:libav:0.6.5:::::::*
	cpe:2.3:a:libav:libav:0.7:::::::*
	cpe:2.3:a:libav:libav:0.7.1:::::::*
	cpe:2.3:a:libav:libav:0.7.2:::::::*
	cpe:2.3:a:libav:libav:0.7.3:::::::*
	cpe:2.3:a:libav:libav:0.7.4:::::::*
	cpe:2.3:a:libav:libav:0.7.5:::::::*
	cpe:2.3:a:libav:libav:0.8:::::::*
	cpe:2.3:a:libav:libav:0.8:beta2::::::
	cpe:2.3:a:libav:libav:0.8.1:::::::*
	cpe:2.3:a:libav:libav:0.8.2:::::::*

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://ffmpeg.org/security.html -~~	() http://ffmpeg.org/security.html -
References	~~() http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 -~~	() http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 -
References	~~() http://libav.org/ - Vendor Advisory~~	() http://libav.org/ - Vendor Advisory
References	~~() http://www.debian.org/security/2012/dsa-2494 -~~	() http://www.debian.org/security/2012/dsa-2494 -
References	~~() http://www.openwall.com/lists/oss-security/2012/02/14/4 -~~	() http://www.openwall.com/lists/oss-security/2012/02/14/4 -
References	~~() http://www.ubuntu.com/usn/USN-1479-1 -~~	() http://www.ubuntu.com/usn/USN-1479-1 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/78932 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/78932 -
References	~~() https://ffmpeg.org/trac/ffmpeg/ticket/794 - Vendor Advisory~~	() https://ffmpeg.org/trac/ffmpeg/ticket/794 - Vendor Advisory

07 Nov 2023, 02:10

Type	Values Removed	Values Added
References	{'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897', 'tags': [], 'refsource': 'CONFIRM'}	() http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 -

Information

Published : 2012-08-20 18:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0852

Mitre link : CVE-2012-0852

CVE.ORG link : CVE-2012-0852

JSON object : View

Products Affected

libav

libav

ffmpeg

ffmpeg

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2012-0852", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-20T18:55:02.777", "references": [{"url": "http://ffmpeg.org/security.html", "source": "secalert@redhat.com"}, {"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897", "source": "secalert@redhat.com"}, {"url": "http://libav.org/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2494", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1479-1", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932", "source": "secalert@redhat.com"}, {"url": "https://ffmpeg.org/trac/ffmpeg/ticket/794", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://ffmpeg.org/security.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://libav.org/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2494", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1479-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ffmpeg.org/trac/ffmpeg/ticket/794", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two."}, {"lang": "es", "value": "La funci\u00f3n adpcm_decode_frame en adpcm.c en libavcodec de FFmpeg antes en v0.9.1 y v0.5.x antes en Libav v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y v0.8.x antes de v0.8.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo ADPCM con el n\u00famero de canales distinto a dos.\r\n"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D15FD45D-03F0-4EA0-9CEB-B7E7C62478D0", "versionEndIncluding": "0.9"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44800572-71C5-4AA1-9CB6-30AA902B0353"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE81C339-A794-4303-B829-BE743DF0B132"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F27211-2DFC-4488-93D2-9A3664E593AC"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6418D3A-9972-4819-B2E6-2510438698A6"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF17452C-ED28-4558-9C90-102DF5485103"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31BE32E4-9577-4BA7-A275-67A86DB7BCE2"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF"}, {"criteria": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E252038-F5E0-427F-8E59-FFD633497D09"}, {"criteria": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE"}, {"criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B"}, {"criteria": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "936C1855-67FB-49C3-A20A-3FE331403366"}, {"criteria": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92EB185C-1909-4359-B0C1-681E4ABEEECF"}, {"criteria": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "136C7881-DB5A-4018-B01F-D2F9069F53D5"}, {"criteria": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090BF77B-A099-4ECD-A9BC-AAD4B499F4C4"}, {"criteria": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18053821-801F-4652-AA73-9FDC5F562BA8"}, {"criteria": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5322AE7-8CAD-45EF-9955-37D16EBBDD40"}, {"criteria": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFCDCA15-DF61-4150-96D7-10D68D07DAD2"}, {"criteria": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D50C72-65B2-4490-9259-2A436207A72D"}, {"criteria": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BCDD63-DECF-4494-BCA7-30BFEE7055D0"}, {"criteria": "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3260A66-B1C9-42F0-841E-63FAB009F020"}, {"criteria": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4953EC2E-BCD6-41B5-AEB3-0D82C15363A6"}, {"criteria": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A"}, {"criteria": "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86038BA1-9B14-4F12-9D61-B106E70F855C"}, {"criteria": "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A42948-6239-4DEB-8BF0-39971D60207E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.8 /10