Vulnerability Details : CVE-2012-6617
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-6617
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-6617
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2012-6617
-
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
git.videolan.org Git - ffmpeg.git/commitdiffExploit;Patch
-
http://www.ffmpeg.org/security.html
FFmpeg Security
-
https://trac.ffmpeg.org/ticket/1986
#1986 (ffserver crashes while playing h264 video from matroska container over rtsp) – FFmpeg
Products affected by CVE-2012-6617
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*