CVE-2012-5144

2012-12-1211:38:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-5144

google chrome

libav

aac decoding

vulnerability

remote attack

denial of service

7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.4%

JSON

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to “an off-by-one overwrite when switching to LTP profile from MAIN.”

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
libav:libavlibaveq0.8
libav:libavlibaveq0.8.1
libav:libavlibaveq0.8.2
libav:libavlibaveq0.8.3
libav:libavlibaveq0.8.4
google:chromegoogle chromeeq23.0.1271.87
google:chromegoogle chromeeq23.0.1271.58

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
libav:libav	libav	eq	0.8
libav:libav	libav	eq	0.8.1
libav:libav	libav	eq	0.8.2
libav:libav	libav	eq	0.8.3
libav:libav	libav	eq	0.8.4
google:chrome	google chrome	eq	23.0.1271.87
google:chrome	google chrome	eq	23.0.1271.58