Lucene search
HistoryDec 12, 2012 - 11:38 a.m.
CVE-2012-5144
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7
Confidence
High
EPSS
0.012
Percentile
85.6%
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to “an off-by-one overwrite when switching to LTP profile from MAIN.”
Affected configurations
Node
canonicalubuntu_linuxMatch11.10
ORcanonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch12.10
Node
libavlibavMatch0.8
ORlibavlibavMatch0.8beta2
ORlibavlibavMatch0.8.1
ORlibavlibavMatch0.8.2
ORlibavlibavMatch0.8.3
ORlibavlibavMatch0.8.4
Node
googlechromeRange≤23.0.1271.96
ORgooglechromeMatch23.0.1271.0
ORgooglechromeMatch23.0.1271.1
ORgooglechromeMatch23.0.1271.2
ORgooglechromeMatch23.0.1271.3
ORgooglechromeMatch23.0.1271.4
ORgooglechromeMatch23.0.1271.5
ORgooglechromeMatch23.0.1271.6
ORgooglechromeMatch23.0.1271.7
ORgooglechromeMatch23.0.1271.8
ORgooglechromeMatch23.0.1271.9
ORgooglechromeMatch23.0.1271.10
ORgooglechromeMatch23.0.1271.11
ORgooglechromeMatch23.0.1271.12
ORgooglechromeMatch23.0.1271.13
ORgooglechromeMatch23.0.1271.14
ORgooglechromeMatch23.0.1271.15
ORgooglechromeMatch23.0.1271.16
ORgooglechromeMatch23.0.1271.17
ORgooglechromeMatch23.0.1271.18
ORgooglechromeMatch23.0.1271.19
ORgooglechromeMatch23.0.1271.20
ORgooglechromeMatch23.0.1271.21
ORgooglechromeMatch23.0.1271.22
ORgooglechromeMatch23.0.1271.23
ORgooglechromeMatch23.0.1271.24
ORgooglechromeMatch23.0.1271.26
ORgooglechromeMatch23.0.1271.30
ORgooglechromeMatch23.0.1271.31
ORgooglechromeMatch23.0.1271.32
ORgooglechromeMatch23.0.1271.33
ORgooglechromeMatch23.0.1271.35
ORgooglechromeMatch23.0.1271.36
ORgooglechromeMatch23.0.1271.37
ORgooglechromeMatch23.0.1271.38
ORgooglechromeMatch23.0.1271.39
ORgooglechromeMatch23.0.1271.40
ORgooglechromeMatch23.0.1271.41
ORgooglechromeMatch23.0.1271.44
ORgooglechromeMatch23.0.1271.45
ORgooglechromeMatch23.0.1271.46
ORgooglechromeMatch23.0.1271.49
ORgooglechromeMatch23.0.1271.50
ORgooglechromeMatch23.0.1271.51
ORgooglechromeMatch23.0.1271.52
ORgooglechromeMatch23.0.1271.53
ORgooglechromeMatch23.0.1271.54
ORgooglechromeMatch23.0.1271.55
ORgooglechromeMatch23.0.1271.56
ORgooglechromeMatch23.0.1271.57
ORgooglechromeMatch23.0.1271.58
ORgooglechromeMatch23.0.1271.59
ORgooglechromeMatch23.0.1271.60
ORgooglechromeMatch23.0.1271.61
ORgooglechromeMatch23.0.1271.62
ORgooglechromeMatch23.0.1271.64
ORgooglechromeMatch23.0.1271.83
ORgooglechromeMatch23.0.1271.84
ORgooglechromeMatch23.0.1271.85
ORgooglechromeMatch23.0.1271.86
ORgooglechromeMatch23.0.1271.87
ORgooglechromeMatch23.0.1271.88
ORgooglechromeMatch23.0.1271.89
ORgooglechromeMatch23.0.1271.91
ORgooglechromeMatch23.0.1271.92
ORgooglechromeMatch23.0.1271.93
ORgooglechromeMatch23.0.1271.94
ORgooglechromeMatch23.0.1271.95
Node
opensuseopensuseMatch12.1
ORopensuseopensuseMatch12.2
Node
libavlibavMatch0.7
ORlibavlibavMatch0.7beta1
ORlibavlibavMatch0.7beta2
ORlibavlibavMatch0.7.1
ORlibavlibavMatch0.7.2
ORlibavlibavMatch0.7.3
ORlibavlibavMatch0.7.4
ORlibavlibavMatch0.7.5
ORlibavlibavMatch0.7.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 11.10 | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 12.10 | cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* |
| libav | libav | 0.8 | cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:* |
| libav | libav | 0.8 | cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:* |
| libav | libav | 0.8.1 | cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:* |
| libav | libav | 0.8.2 | cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:* |
| libav | libav | 0.8.3 | cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:* |
| libav | libav | 0.8.4 | cpe:2.3:a:libav:libav:0.8.4:*:*:*:*:*:*:* |
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
References
googlechromereleases.blogspot.com/2012/12/stable-channel-update.html
libav.org/releases/libav-0.7.7.changelog
libav.org/releases/libav-0.8.5.changelog
lists.opensuse.org/opensuse-updates/2012-12/msg00073.html
www.ubuntu.com/usn/USN-1705-1
code.google.com/p/chromium/issues/detail?id=161639
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16007
Related
debiancve
debiancve
CVE-2012-5144
2012-12-12 11:38:44
ubuntucve
ubuntucve
CVE-2012-5144
2012-12-12 00:00:00
prion
prion
Memory corruption
2012-12-12 11:38:00
cvelist
cvelist
CVE-2012-5144
2012-12-12 11:00:00
cve
cve
CVE-2012-5144
2012-12-12 11:38:44
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (51f84e28-444e-11e2-8306-00262d5ed8ee)
2012-12-13 00:00:00
openSUSE Security Update : chromium (openSUSE-SU-2012:1682-1)
2014-06-13 00:00:00
Ubuntu 11.10 / 12.04 LTS / 12.10 : libav vulnerabilities (USN-1705-1)
2013-01-29 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities-03 (Dec 2012) - Mac OS X
2012-12-14 00:00:00
Google Chrome Multiple Vulnerabilities-03 (Dec 2012) - Linux
2012-12-14 00:00:00
Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)
2012-12-14 00:00:00
threatpost
threatpost
Critical Vulnerability Fixed in Chrome 23
2012-12-11 20:45:25
chrome
chrome
Stable Channel Update
2012-12-11 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-12-11 00:00:00
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
2013-08-20 00:00:00
securityvulns
securityvulns
[USN-1705-1] Libav vulnerabilities
2013-02-04 00:00:00
libav / ffmpeg multiple security vulnerabilities
2013-02-04 00:00:00
ubuntu
ubuntu
Libav vulnerabilities
2013-01-28 00:00:00
gentoo
gentoo
Libav: Multiple vulnerabilities
2014-06-26 00:00:00
Chromium, V8: Multiple vulnerabilities
2013-09-24 00:00:00
osv
osv
chromedriver-55.0.2883.75-3.1 on GA media
2024-06-15 00:00:00
ungoogled-chromium-113.0.5672.92-1.1 on GA media
2024-06-15 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7
Confidence
High
EPSS
0.012
Percentile
85.6%
Related for NVD:CVE-2012-5144