CVE-2011-3362
Published: 15 September 2011
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(4:0.5.1-1ubuntu1.2)
|
|
maverick |
Released
(4:0.6-2ubuntu6.2)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9f06c1c61e876e930753da200bfe835817e30a53 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=961a1a81d88a05afabb895f8a9dd11e789a07d89 vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(4:0.5.1-1ubuntu1.3)
|
|
maverick |
Released
(4:0.6-2ubuntu3.3)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Released
(4:0.6.2-1ubuntu1.1)
|
|
oneiric |
Not vulnerable
(4:0.7.1-3ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commitdiff;h=bd968d260aef322fb32e254a3de0d2036c57bd56 |
||
libav-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Released
(4:0.6.4-1ubuntu1)
|
|
oneiric |
Released
(4:0.7.3ubuntu0.11.10.1)
|
|
upstream |
Needs triage
|