CVE-2012-0947
Gentoo Linux Security Advisory 201310-12
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función vqa_decode_chunk en el códec VQA (vqavideo.c) en libavcodec en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6 y v0.8.x antes de v0.8.2 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un archivo multimedia VQA modificado en el que el tamaño de la imagen no es múltiplo del tamaño del bloque.
Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-02-01 CVE Reserved
- 2012-08-20 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3 | X_refsource_confirm | |
| http://libav.org | X_refsource_confirm | |
| http://secunia.com/advisories/49089 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2012/05/03/4 | Mailing List |
|
| http://www.securityfocus.com/bid/53389 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2012/dsa-2471 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-1479-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5 Search vendor "Libav" for product "Libav" and version "0.5" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.1 Search vendor "Libav" for product "Libav" and version "0.5.1" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.2 Search vendor "Libav" for product "Libav" and version "0.5.2" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.3 Search vendor "Libav" for product "Libav" and version "0.5.3" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.4 Search vendor "Libav" for product "Libav" and version "0.5.4" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.5 Search vendor "Libav" for product "Libav" and version "0.5.5" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.6 Search vendor "Libav" for product "Libav" and version "0.5.6" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.5.7 Search vendor "Libav" for product "Libav" and version "0.5.7" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6 Search vendor "Libav" for product "Libav" and version "0.6" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6.1 Search vendor "Libav" for product "Libav" and version "0.6.1" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6.2 Search vendor "Libav" for product "Libav" and version "0.6.2" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6.3 Search vendor "Libav" for product "Libav" and version "0.6.3" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6.4 Search vendor "Libav" for product "Libav" and version "0.6.4" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.6.5 Search vendor "Libav" for product "Libav" and version "0.6.5" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7 Search vendor "Libav" for product "Libav" and version "0.7" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7 Search vendor "Libav" for product "Libav" and version "0.7" | beta1 |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7 Search vendor "Libav" for product "Libav" and version "0.7" | beta2 |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7.1 Search vendor "Libav" for product "Libav" and version "0.7.1" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7.2 Search vendor "Libav" for product "Libav" and version "0.7.2" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7.3 Search vendor "Libav" for product "Libav" and version "0.7.3" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7.4 Search vendor "Libav" for product "Libav" and version "0.7.4" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.7.5 Search vendor "Libav" for product "Libav" and version "0.7.5" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.8 Search vendor "Libav" for product "Libav" and version "0.8" | - |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.8 Search vendor "Libav" for product "Libav" and version "0.8" | beta2 |
Affected
| ||||||
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | 0.8.1 Search vendor "Libav" for product "Libav" and version "0.8.1" | - |
Affected
| ||||||