Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-0852 | First vendor Publication | 2012-08-20 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20187 | |||
| Oval ID: | oval:org.mitre.oval:def:20187 | ||
| Title: | DSA-2494-1 ffmpeg - several | ||
| Description: | It was discovered that FFmpeg, Debian's version of the Libav media codec suite, contains vulnerabilities in the DPCM codecs (<a href="http://security-tracker.debian.org/tracker/CVE-2011-3951">CVE-2011-3951</a>), H.264 (<a href="http://security-tracker.debian.org/tracker/CVE-2012-0851">CVE-2012-0851</a>), ADPCM (<a href="http://security-tracker.debian.org/tracker/CVE-2012-0852">CVE-2012-0852</a>), and the KMVC decoder (<a href="http://security-tracker.debian.org/tracker/CVE-2011-3952">CVE-2011-3952</a>). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2494-1 CVE-2011-3951 CVE-2011-3952 CVE-2012-0851 CVE-2012-0852 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | ffmpeg |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-06 (libav) File : nvt/glsa_201210_06.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2494-1 (ffmpeg) File : nvt/deb_2494_1.nasl |
| 2012-06-19 | Name : Ubuntu Update for libav USN-1478-1 File : nvt/gb_ubuntu_USN_1478_1.nasl |
| 2012-06-19 | Name : Ubuntu Update for ffmpeg USN-1479-1 File : nvt/gb_ubuntu_USN_1479_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-08-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d087b35099011e3a9f4bcaec565249c.nasl - Type : ACT_GATHER_INFO |
| 2012-10-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-06.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2494.nasl - Type : ACT_GATHER_INFO |
| 2012-06-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1478-1.nasl - Type : ACT_GATHER_INFO |
| 2012-06-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1479-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:46:51 |
|
| 2021-05-04 12:19:19 |
|
| 2021-04-22 01:23:03 |
|
| 2020-05-23 01:48:13 |
|
| 2020-05-23 00:33:00 |
|
| 2018-10-31 01:04:12 |
|
| 2018-09-15 01:04:02 |
|
| 2017-08-29 09:23:43 |
|
| 2016-06-28 19:01:42 |
|
| 2016-04-26 21:33:46 |
|
| 2014-02-17 11:08:25 |
|
| 2013-05-10 22:34:08 |
|
| 2013-01-30 13:21:18 |
|
