Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-3362

Published: 15 September 2011

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

Notes

AuthorNote
mdeslaur 
ffmpeg-extra in multiverse needs to have matching version

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid
Released (4:0.5.1-1ubuntu1.2)
maverick
Released (4:0.6-2ubuntu6.2)
natty Does not exist

oneiric Does not exist

upstream Needs triage

Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9f06c1c61e876e930753da200bfe835817e30a53
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=961a1a81d88a05afabb895f8a9dd11e789a07d89
vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html

ffmpeg-extra
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid
Released (4:0.5.1-1ubuntu1.3)
maverick
Released (4:0.6-2ubuntu3.3)
natty Does not exist

oneiric Does not exist

upstream Needs triage

libav
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

maverick Does not exist

natty
Released (4:0.6.2-1ubuntu1.1)
oneiric Not vulnerable
(4:0.7.1-3ubuntu1)
upstream Needs triage

Patches:





upstream: http://git.libav.org/?p=libav.git;a=commitdiff;h=bd968d260aef322fb32e254a3de0d2036c57bd56
libav-extra
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

maverick Does not exist

natty
Released (4:0.6.4-1ubuntu1)
oneiric
Released (4:0.7.3ubuntu0.11.10.1)
upstream Needs triage

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading