CVE Reference: CVE-2012-6618

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-6618

Description:
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA51964

MLIST
  http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233

CONFIRM
  http://www.ffmpeg.org/security.html
  http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
  http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11


Return to the previous page.