Vulnerability Details : CVE-2012-6615
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2012-6615
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6615
0.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-6615
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2012-6615
-
https://trac.ffmpeg.org/ticket/2048
#2048 (reproducible crash on some subtitles in ff_ass_split_override_codes()) – FFmpeg
-
http://www.ffmpeg.org/security.html
FFmpeg Security
-
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74
git.videolan.org Git - ffmpeg.git/commitdiffExploit;Patch
Jump to