ID CVE-2012-2796
Summary Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
References
Vulnerable Configurations
  • FFmpeg 0.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.3
  • FFmpeg 0.3.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.1
  • FFmpeg 0.3.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.2
  • FFmpeg 0.3.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.3
  • FFmpeg 0.3.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.3.4
  • FFmpeg 0.4.0
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.0
  • FFmpeg 0.4.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.2
  • FFmpeg 0.4.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.3
  • FFmpeg 0.4.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.4
  • FFmpeg 0.4.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.5
  • FFmpeg 0.4.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.6
  • FFmpeg 0.4.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.7
  • FFmpeg 0.4.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.8
  • cpe:2.3:a:ffmpeg:ffmpeg:0.4.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.9
  • FFmpeg 0.4.9 pre1
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1
  • FFmpeg 0.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.5
  • FFmpeg 0.5.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.1
  • FFmpeg 0.5.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.2
  • FFmpeg 0.5.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.3
  • FFmpeg 0.5.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4
  • FFmpeg 0.5.4.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5
  • FFmpeg 0.5.4.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6
  • FFmpeg 0.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.6
  • FFmpeg 0.6.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.1
  • FFmpeg 0.6.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.2
  • FFmpeg 0.6.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.6.3
  • FFmpeg 0.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.7
  • FFmpeg 0.7.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.1
  • FFmpeg 0.7.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.2
  • FFmpeg 0.7.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.3
  • FFmpeg 0.7.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.4
  • FFmpeg 0.7.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.5
  • FFmpeg 0.7.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.6
  • FFmpeg 0.7.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.7
  • FFmpeg 0.7.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.8
  • FFmpeg 0.7.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.9
  • FFmpeg 0.7.11
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.11
  • FFmpeg 0.7.12
    cpe:2.3:a:ffmpeg:ffmpeg:0.7.12
  • FFmpeg 0.8.0
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.0
  • FFmpeg 0.8.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.1
  • FFmpeg 0.8.2
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.2
  • FFmpeg 0.8.5
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5
  • FFmpeg 0.8.5.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3
  • FFmpeg 0.8.5.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4
  • FFmpeg 0.8.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.6
  • FFmpeg 0.8.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.7
  • FFmpeg 0.8.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.8
  • FFmpeg 0.8.10
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.10
  • FFmpeg 0.8.11
    cpe:2.3:a:ffmpeg:ffmpeg:0.8.11
  • FFmpeg FFmpeg 0.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.9
  • FFmpeg FFmpeg 0.9.1
    cpe:2.3:a:ffmpeg:ffmpeg:0.9.1
  • FFmpeg 0.10
    cpe:2.3:a:ffmpeg:ffmpeg:0.10
  • FFmpeg 0.10.3
    cpe:2.3:a:ffmpeg:ffmpeg:0.10.3
  • FFmpeg 0.10.4
    cpe:2.3:a:ffmpeg:ffmpeg:0.10.4
  • libav 0.8 -
    cpe:2.3:a:libav:libav:0.8
  • libav 0.8 beta2
    cpe:2.3:a:libav:libav:0.8:beta2
  • libav 0.8.1
    cpe:2.3:a:libav:libav:0.8.1
  • libav 0.8.2
    cpe:2.3:a:libav:libav:0.8.2
  • libav 0.8.3
    cpe:2.3:a:libav:libav:0.8.3
CVSS
Base: 10.0 (as of 08-10-2013 - 12:02)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-079.NASL
    description Updated ffmpeg packages fix security vulnerabilities : h264: Add check for invalid chroma_format_idc (CVE-2012-0851) h263dec: Disallow width/height changing with frame threads (CVE-2011-3937) vc1dec: check that coded slice positions and interlacing match. This fixes out of array writes (CVE-2012-2796) alsdec: fix number of decoded samples in first sub-block in BGMC mode (CVE-2012-2790) cavsdec: check for changing w/h. Our decoder does not support changing w/h (CVE-2012-2777, CVE-2012-2784) indeo4: update AVCodecContext width/height on size change (CVE-2012-2787) avidec: use actually read size instead of requested size (CVE-2012-2788) wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789) lagarith: check count before writing zeros (CVE-2012-2793) indeo3: fix out of cell write (CVE-2012-2776) indeo5: check tile size in decode_mb_info\(\). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2794) indeo5dec: Make sure we have had a valid gop header. This prevents decoding happening on a half initialized context (CVE-2012-2779) indeo4/5: check empty tile size in decode_mb_info\(\). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2800) dfa: improve boundary checks in decode_dds1\(\) (CVE-2012-2798) dfa: check that the caller set width/height properly (CVE-2012-2786) avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions (CVE-2012-2801) ac3dec: ensure get_buffer\(\) gets a buffer for the correct number of channels (CVE-2012-2802) rv34: error out on size changes with frame threading (CVE-2012-2772) alsdec: check opt_order. Fixes out of array write in quant_cof. Also make sure no invalid opt_order stays in the context (CVE-2012-2775) This updates ffmpeg to version 0.10.6 which contains the security fixes above as well as other bug fixes.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66093
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66093
    title Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1630-1.NASL
    description It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62900
    published 2012-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62900
    title Ubuntu 12.04 LTS / 12.10 : libav vulnerabilities (USN-1630-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-28 (Libav: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file in an application linked against Libav, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76272
    published 2014-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76272
    title GLSA-201406-28 : Libav: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201310-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 70647
    published 2013-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70647
    title GLSA-201310-12 : FFmpeg: Multiple vulnerabilities
refmap via4
bid 55355
confirm
mandriva MDVSA-2013:079
mlist
  • [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?
  • [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?
secunia
  • 50468
  • 51257
Last major update 13-12-2013 - 00:01
Published 10-09-2012 - 18:55
Last modified 30-10-2018 - 12:25
Back to Top