CVE-2012-5144
Google Chrome <23.0.1271.97 & Libav 0.7.x<0.7.7 & 0.8.x<0.8.5 - DoS
Title source: llmDescription
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
References (7)
Core 7
Core References
Release Notes x_refsource_confirm
http://libav.org/releases/libav-0.8.5.changelog
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16007
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=161639
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html
Release Notes x_refsource_confirm
http://libav.org/releases/libav-0.7.7.changelog
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1705-1
Scores
EPSS
0.0353
EPSS Percentile
87.9%
Details
CWE
CWE-119
Status
published
Products (50)
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
google/chrome
23.0.1271.0
google/chrome
23.0.1271.1
google/chrome
23.0.1271.2
google/chrome
23.0.1271.3
google/chrome
23.0.1271.4
google/chrome
23.0.1271.5
google/chrome
23.0.1271.6
... and 40 more
Published
Dec 12, 2012
Tracked Since
Feb 18, 2026