Description
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5
Various Sources x_refsource_confirm
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5
Various Sources x_refsource_confirm
http://ffmpeg.org/
Various Sources x_refsource_confirm
http://libav.org/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1479-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49089
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2471
Scores
EPSS
0.0301
EPSS Percentile
86.8%
Details
CWE
CWE-119
Status
published
Products (32)
ffmpeg/ffmpeg
0.7.1
ffmpeg/ffmpeg
0.7.2
ffmpeg/ffmpeg
0.7.6
ffmpeg/ffmpeg
0.7.7
ffmpeg/ffmpeg
0.7.8
ffmpeg/ffmpeg
0.7.9
ffmpeg/ffmpeg
0.7.11
ffmpeg/ffmpeg
0.8.5
ffmpeg/ffmpeg
0.8.6
ffmpeg/ffmpeg
0.8.7
... and 22 more
Published
Aug 20, 2012
Tracked Since
Feb 18, 2026