CVE-2012-2796

critical

Description

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

References

http://www.securityfocus.com/bid/55355

http://www.openwall.com/lists/oss-security/2012/09/02/4

http://www.openwall.com/lists/oss-security/2012/08/31/3

http://www.mandriva.com/security/advisories?name=MDVSA-2013:079

http://secunia.com/advisories/51257

http://secunia.com/advisories/50468

http://libav.org/releases/libav-0.8.4.changelog

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5e59a77cec804a9b44c60ea22c17beba6453ef23

http://ffmpeg.org/security.html

Details

Source: Mitre, NVD

Published: 2012-09-10

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical