Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
References (8)
Core References
Vendor Advisory [vendor-advisory, x_refsource_ubuntu]: http://www.ubuntu.com/usn/USN-1479-1
Mailing List [mailing-list, x_refsource_mlist]: http://www.openwall.com/lists/oss-security/2012/02/14/4
Vendor Advisory [x_refsource_confirm]: https://ffmpeg.org/trac/ffmpeg/ticket/794
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2012/dsa-2494
Patch [x_refsource_confirm]: http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897
Vendor Advisory [x_refsource_confirm]: http://libav.org/
Various Sources [x_refsource_confirm]: http://ffmpeg.org/security.html
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/78932
Scores
EPSS: 0.0228
EPSS Percentile: 84.9%
Details
CWE: CWE-119
Status: published
Products (37)
ffmpeg/ffmpeg 0.7.1
ffmpeg/ffmpeg 0.7.2
ffmpeg/ffmpeg 0.7.7
ffmpeg/ffmpeg 0.7.8
ffmpeg/ffmpeg 0.7.9
ffmpeg/ffmpeg 0.7.11
ffmpeg/ffmpeg 0.7.12
ffmpeg/ffmpeg 0.8.5
ffmpeg/ffmpeg 0.8.6
ffmpeg/ffmpeg 0.8.7
... and 27 more
Published: Aug 20, 2012
Tracked Since: Feb 18, 2026