CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
72.1%
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2
does not initialize certain context data, which allows remote attackers to
cause a denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec (ALAC)
data.
Author | Note |
---|---|
mdeslaur | libav in precise doesn’t look vulnerable |
ebarretto | as of 2018-09-27, no equivalent fix in libav |