CVE-2012-6618
Published: 24 December 2013
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
Priority
Status
Package | Release | Status |
---|---|---|
libav Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
trusty |
Needs triage
|
|
hirsute |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
jammy |
Does not exist
|
|
upstream |
Released
(6:9.11-1)
|
|
xenial |
Does not exist
|
|
mantic |
Does not exist
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
groovy |
Ignored
(end of life)
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
hirsute |
Ignored
(end of life)
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
mantic |
Needs triage
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
ffmpeg Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
|
xenial |
Not vulnerable
(7:2.8.6-1ubuntu2)
|
|
kinetic |
Not vulnerable
(7:4.4.1-3ubuntu2)
|
|
lunar |
Not vulnerable
(7:4.4.1-3ubuntu2)
|
|
bionic |
Not vulnerable
(7:3.4.2-2)
|
|
focal |
Not vulnerable
(7:4.2.2-1ubuntu1)
|
|
groovy |
Not vulnerable
|
|
impish |
Not vulnerable
(7:4.4-6ubuntu5)
|
|
jammy |
Not vulnerable
(7:4.4.1-3ubuntu2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(7:2.4.1-1)
|
|
mantic |
Not vulnerable
(7:4.4.1-3ubuntu2)
|
|
Patches: upstream: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb |