Input validation error in FFmpeg - CVE-2012-2796

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU43597

Input validation error in FFmpeg - CVE-2012-2796

Published: September 11, 2012 / Updated: June 8, 2025


Vulnerability identifier: #VU43597
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2012-2796
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ffmpeg.sourceforge.net
Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."


How to mitigate CVE-2012-2796

Install update from vendor's website.

Sources