CVE-2012-5144

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://code.google.com/p/chromium/issues/detail?id=161639	Patch Issue Tracking
http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html	Vendor Advisory
http://www.ubuntu.com/usn/USN-1705-1	Third Party Advisory
http://libav.org/releases/libav-0.8.5.changelog	Vendor Advisory
http://libav.org/releases/libav-0.7.7.changelog	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16007

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:libav:libav:0.8:::::::*
	cpe:2.3:a:libav:libav:0.8.2:::::::*
	cpe:2.3:a:libav:libav:0.8.3:::::::*
	cpe:2.3:a:libav:libav:0.8:beta2::::::
	cpe:2.3:a:libav:libav:0.8.1:::::::*
	cpe:2.3:a:libav:libav:0.8.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:google:chrome:23.0.1271.0:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.8:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.15:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.16:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.23:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.24:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.61:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.60:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.59:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.56:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.55:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.87:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.19:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.51:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.92:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.12:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.49:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.3:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.52:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.88:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.84:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.26:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.35:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.11:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.33:::::::*
	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:23.0.1271.41:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.4:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.20:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.38:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.83:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.44:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.32:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.58:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.45:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.18:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.17:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.86:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.1:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.6:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.10:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.46:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.54:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.39:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.85:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.91:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.57:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.14:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.31:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.93:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.9:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.62:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.2:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.7:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.22:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.37:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.40:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.30:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.36:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.13:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.94:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.21:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.64:::::::*
	cpe:2.3:a:google:chrome:23.0.1271.53:::::::*
cpe:2.3:a:google:chrome:23.0.1271.95:::::::*
cpe:2.3:a:google:chrome:23.0.1271.50:::::::*
cpe:2.3:a:google:chrome:23.0.1271.5:::::::*
cpe:2.3:a:google:chrome:23.0.1271.89:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:libav:libav:0.7.2:::::::*
	cpe:2.3:a:libav:libav:0.7.3:::::::*
	cpe:2.3:a:libav:libav:0.7:::::::*
	cpe:2.3:a:libav:libav:0.7.6:::::::*
	cpe:2.3:a:libav:libav:0.7.4:::::::*
	cpe:2.3:a:libav:libav:0.7.5:::::::*
	cpe:2.3:a:libav:libav:0.7:beta1::::::
	cpe:2.3:a:libav:libav:0.7:beta2::::::
	cpe:2.3:a:libav:libav:0.7.1:::::::*

Information

Published : 2012-12-12 03:38

Updated : 2018-10-30 09:27

NVD link : CVE-2012-5144

Mitre link : CVE-2012-5144

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

canonical

ubuntu_linux

opensuse

opensuse

google

chrome

libav

libav

10.0 /10