Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6617 to the following vulnerability: Name: CVE-2012-6617 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6617 Assigned: 20131224 Reference: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d Reference: http://www.ffmpeg.org/security.html Reference: https://trac.ffmpeg.org/ticket/1986 Reference: OSVDB:93232 Reference: http://www.osvdb.org/93232 Reference: SECUNIA:51964 Reference: http://secunia.com/advisories/51964 The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
Statemenet: Not vulnerable. This issue did not affect the versions of qffmpeg as shipped with Red Hat Enterprise Linux 5 and ffmpeg-spice as shipped with Red Hat Enterprise Linux 6 as they did not include support for ffserver.