CVE-2012-6618
libav - security update
EPSS 1.0%
Description
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
How to fix CVE-2012-6618
To remediate CVE-2012-6618, upgrade the affected package to one of the fixed versions listed below.
- Debian/ffmpeg—upgrade to 7:2.4.1-1 or later
- Debian/libav—upgrade to 6:0.8.12-1 or later
Is CVE-2012-6618 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/ffmpeg: from 0, < 7:2.4.1-1
- Debian/libav: from 0, < 6:0.8.12-1