CVE-2012-6618

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 1.0.2

Description The issue allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate" when running with certain -probesize values. This is due to a problem in the av probe input buffer function in libavformat/utils.c.

Recommendations For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of certain -probesize values that may trigger the crash.