FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0853

This CVE name corresponds to:

Entered Topic
2013-08-20 gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-0853 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-0853
Phase Assigned(20120119)

Description

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

References

Source Reference
MLIST [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1
CONFIRM http://ffmpeg.org/trac/ffmpeg/ticket/780
CONFIRM http://git.libav.org/?p=libav.git;a=commit;h=c509f4f74713b035a06f79cb4d00e708f5226bc5
CONFIRM http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016
CONFIRM http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c509f4f74713b035a06f79cb4d00e708f5226bc5
UBUNTU USN-1479-1
SECUNIA 49089

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.