CVE-2012-0856

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.9.1

Description A heap-based buffer overflow issue exists in the MPV frame start function in libavcodec/mpegvideo.c, which can be triggered when the lowres option is enabled. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted H263 media file. The issue is a result of a regression error.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider disabling the lowres option to minimize the risk of exploitation.