CVE-2012-6618
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
24/12/2013
Last modified:
11/04/2025
Description
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* | 1.0.1 (including) | |
| cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233
- http://git.libav.org/?p=libav.git%3Ba%3Dblob%3Bf%3DChangelog%3Bhb%3Drefs/tags/v9.11
- http://git.videolan.org/?p=ffmpeg.git%3Ba%3Dcommit%3Bh%3De74cd2f4706f71da5e9205003c1d8263b54ed3fb
- http://secunia.com/advisories/51964
- http://www.ffmpeg.org/security.html
- https://trac.ffmpeg.org/ticket/1991
- http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233
- http://git.libav.org/?p=libav.git%3Ba%3Dblob%3Bf%3DChangelog%3Bhb%3Drefs/tags/v9.11
- http://git.videolan.org/?p=ffmpeg.git%3Ba%3Dcommit%3Bh%3De74cd2f4706f71da5e9205003c1d8263b54ed3fb
- http://secunia.com/advisories/51964
- http://www.ffmpeg.org/security.html
- https://trac.ffmpeg.org/ticket/1991