First published: Mon Sep 10 2012(Updated: )
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libav | =0.8 | |
Libav | =0.8-beta2 | |
Libav | =0.8.1 | |
Libav | =0.8.2 | |
Libav | =0.8.3 | |
Libav | =0.7 | |
Libav | =0.7-beta1 | |
Libav | =0.7-beta2 | |
Libav | =0.7.1 | |
Libav | =0.7.2 | |
Libav | =0.7.3 | |
Libav | =0.7.4 | |
Libav | =0.7.5 | |
Libav | =0.7.6 | |
FFmpeg | <=0.10.4 | |
FFmpeg | =0.3 | |
FFmpeg | =0.3.1 | |
FFmpeg | =0.3.2 | |
FFmpeg | =0.3.3 | |
FFmpeg | =0.3.4 | |
FFmpeg | =0.4.0 | |
FFmpeg | =0.4.2 | |
FFmpeg | =0.4.3 | |
FFmpeg | =0.4.4 | |
FFmpeg | =0.4.5 | |
FFmpeg | =0.4.6 | |
FFmpeg | =0.4.7 | |
FFmpeg | =0.4.8 | |
FFmpeg | =0.4.9 | |
FFmpeg | =0.4.9-pre1 | |
FFmpeg | =0.5 | |
FFmpeg | =0.5.1 | |
FFmpeg | =0.5.2 | |
FFmpeg | =0.5.3 | |
FFmpeg | =0.5.4 | |
FFmpeg | =0.5.4.5 | |
FFmpeg | =0.5.4.6 | |
FFmpeg | =0.6 | |
FFmpeg | =0.6.1 | |
FFmpeg | =0.6.2 | |
FFmpeg | =0.6.3 | |
FFmpeg | =0.7 | |
FFmpeg | =0.7.1 | |
FFmpeg | =0.7.2 | |
FFmpeg | =0.7.3 | |
FFmpeg | =0.7.4 | |
FFmpeg | =0.7.5 | |
FFmpeg | =0.7.6 | |
FFmpeg | =0.7.7 | |
FFmpeg | =0.7.8 | |
FFmpeg | =0.7.9 | |
FFmpeg | =0.7.11 | |
FFmpeg | =0.7.12 | |
FFmpeg | =0.8.0 | |
FFmpeg | =0.8.1 | |
FFmpeg | =0.8.2 | |
FFmpeg | =0.8.5 | |
FFmpeg | =0.8.5.3 | |
FFmpeg | =0.8.5.4 | |
FFmpeg | =0.8.6 | |
FFmpeg | =0.8.7 | |
FFmpeg | =0.8.8 | |
FFmpeg | =0.8.10 | |
FFmpeg | =0.8.11 | |
FFmpeg | =0.9 | |
FFmpeg | =0.9.1 | |
FFmpeg | =0.10 | |
FFmpeg | =0.10.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2012-2775 has not been specified, but it involves an out-of-bounds write potential which could lead to undefined behavior.
To fix CVE-2012-2775, you should update FFmpeg to version 0.11 or later, or Libav to versions 0.7.7 or 0.8.4 and later.
CVE-2012-2775 is found in FFmpeg versions before 0.11 and Libav versions 0.7.x before 0.7.7 and 0.8.x before 0.8.4.
The potential impacts of CVE-2012-2775 include crashes, data corruption, and possibly remote code execution due to out-of-bounds writes.
As of the last reports, there is no publicly known exploit for CVE-2012-2775, but the vulnerability could be leveraged given its nature.