CVE-2012-0853

2012-02-1400:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.02

Percentile

89.2%

JSON

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in
libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in
Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x
before 0.8.1 allows remote attackers to cause a denial of service (infinite
loop and crash) and possibly execute arbitrary code via a large component
count in an Atrac 3 file.

Bugs

<http://ffmpeg.org/trac/ffmpeg/ticket/780>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ffmpeg	< 4:0.5.9-0ubuntu0.10.04.1	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.6-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	libav	< 4:0.7.6-0ubuntu0.11.10.1	UNKNOWN