Description
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/02/4
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5e59a77cec804a9b44c60ea22c17beba6453ef23
Release Notes x_refsource_confirm
http://libav.org/releases/libav-0.8.4.changelog
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55355
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/31/3
Various Sources x_refsource_confirm
http://ffmpeg.org/security.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50468
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51257
Scores
EPSS
0.0084
EPSS Percentile
74.9%
Details
Status
published
Products (49)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 39 more
Published
Sep 10, 2012
Tracked Since
Feb 18, 2026