CVE-2012-5359

Publication date 8 February 2018

Last updated 25 August 2025

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

Description

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored end of life
ffmpeg-extra	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Not in release
libav	13.04 raring	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	11.10 oneiric	Ignored
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
libav-extra	13.04 raring	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	11.10 oneiric	Ignored
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Notes

mdeslaur

ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package no details as of 2013-05-01, ignoring.

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H