CVE-2012-2795
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
74.6%
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of “mclms arrays,” (2) “a get_bits(0) in decode_ac_filter,” and (3) “too many bits in decode_channel_residues().”
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ffmpeg | ffmpeg | * | cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.1 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.2 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.3.4 | cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.0 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.2 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.3 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:* |
| ffmpeg | ffmpeg | 0.4.4 | cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:* |
References
ffmpeg.org/security.html
git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2a7063de547b1d8fb1cef523469390fb59fb2c50
git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=a0abefb0af64a311b15141062c77dd577ba590a3
git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=b3a43515827f3d22a881c33b87384f01c86786fd
secunia.com/advisories/50468
www.openwall.com/lists/oss-security/2012/08/31/3
www.openwall.com/lists/oss-security/2012/09/02/4
www.securityfocus.com/bid/55355
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
74.6%