Vulnerability Details : CVE-2012-2882
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2882
Probability of exploitation activity in the next 30 days: 0.99%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2882
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-2882
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2882
-
https://src.chromium.org/viewvc/chrome?view=rev&revision=150239
[chrome] Revision 150239Patch;Issue Tracking
-
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=140647
140647 - UNKNOWN in ogg_calc_pts - chromium - MonorailPatch;Issue Tracking
-
https://chromiumcodereview.appspot.com/10829204
Issue 10829204: Roll FFmpeg for security fixes. - Code ReviewPatch;Issue Tracking
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688
Repository / Oval Repository
-
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
[security-announce] openSUSE-SU-2012:1376-1: important: update for chromThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/78839
Google Chrome CVE-2012-2882 wild pointer in OGG container handling CVE-2012-2882 Vulnerability Report
Products affected by CVE-2012-2882
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:22.0.1229.11:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*