VulDB: FFmpeg up to 0.9.3 buffer overflow [CVE-2012-0859]
General
scipID: 5570
Affected: FFmpeg up to 0.9.3
Published: 06/19/2012
Risk: critical
Entry: 82.8% complete
Created: 06/22/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in FFmpeg up to 0.9.3. It affects an unknown function. Manipulation with an unknown input leads to a buffer overflow. Confidentiality, integrity, and availability are impacted.
The weakness was published on 06/19/2012 as advisory USN-1479-1 (website). The advisory is available for download at ubuntu.com. This vulnerability has been tracked as CVE-2012-0859 since 01/19/2012. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.
Applying a patch eliminates this problem. The bugfix is available for download at gitorious.org. A possible mitigation was published before, and not just after, the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83055) and Secunia (SA49621).
CVSS
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Patch
0-Day Time: 0 days since found
Patch: gitorious.org
Timeline
01/04/2012 | Countermeasure disclosed
01/19/2012 | CVE assigned
06/19/2012 | Advisory disclosed
06/20/2012 | OSVDB entry created
06/22/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: USN-1479-1
OSVDB: 83055
CVE: CVE-2012-0859 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49621



















