Summaryinfo

A vulnerability was found in FFmpeg up to 1.2 and classified as problematic. This affects the function decode_frame of the file libavcodec/eamad.c. The manipulation results in information disclosure. There is no available exploit. It is advisable to implement a patch to correct this issue.

Detailsinfo

A vulnerability classified as problematic has been found in FFmpeg up to 1.2 (Multimedia Processing Software). Affected is the function decode_frame of the file libavcodec/eamad.c. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality.

The weakness was presented 05/03/2013 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as confirmed git commit (GIT Repository). The advisory is shared for download at git.videolan.org. The public release was coordinated in cooperation with the vendor. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.videolan.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (95038†). See VDB-9472, VDB-9471, VDB-9470 and VDB-9469 for similar entries. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Affected

• FFmpeg
• Libav

Productinfo

Type

• Multimedia Processing Software

Name

• FFmpeg

Version

• 1.0
• 1.1
• 1.2

License

• open-source

Website

• Product: https://ffmpeg.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion