CVSS2: 10 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

EPSS: 0.006 Low (percentile 78.6%)

Unspecified vulnerability in the ac3_decode_frame function in
libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has
unknown impact and attack vectors, related to the “number of output
channels” and “out of array writes.”

Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version. libav-extra is built with tarball produced by libav package. Cannot locate equivalent libav patch, even though 0.8.4 is supposed to fix it. libav 0.8.5 also says it fixes it, but still cannot locate patch. |
jdstrand | looking at the logic in the videolan patch and the code in ffmpeg, this may not affect the version of ffmpeg in Ubuntu 10.04 LTS |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.10 | noarch | libav | < 4:0.7.6-0ubuntu0.11.10.3 | UNKNOWN |
ubuntu | 12.04 | noarch | libav | < 4:0.8.4-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | libav | < 6:0.8.4-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | libav | < 6:0.8.4-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | libav | < 6:0.8.4-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libav-extra | < 4:0.7.6ubuntu0.11.10.3 | UNKNOWN |
ubuntu | 12.04 | noarch | libav-extra | < 4:0.8.4ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | libav-extra | < 6:0.8.4ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | libav-extra | < 6:0.8.4ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | libav-extra | < 6:0.8.4ubuntu0.12.10.1 | UNKNOWN |
ffmpeg.org/security.html
git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c22701c371c2f3dea21fcdbb97c981939fb77af
secunia.com/advisories/50468
www.openwall.com/lists/oss-security/2012/08/31/3
www.openwall.com/lists/oss-security/2012/09/02/4
launchpad.net/bugs/cve/CVE-2012-2802
nvd.nist.gov/vuln/detail/CVE-2012-2802
security-tracker.debian.org/tracker/CVE-2012-2802
ubuntu.com/security/notices/USN-1630-1
ubuntu.com/security/notices/USN-1705-1
www.cve.org/CVERecord?id=CVE-2012-2802