CVE-2012-2797
Published: 10 September 2012
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package code in 0.7.x is different, not sure if vulnerable |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(0.11)
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cca9528524c7a4b91451f4322bd50849af5d057e upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9ab0874ea8b6774c6f5470dba2b5b4615a610d0d |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
|
|
precise |
Released
(4:0.8.5-0ubuntu0.12.04.1)
|
|
quantal |
Released
(6:0.8.5-0ubuntu0.12.10.1)
|
|
upstream |
Released
(0.8.5)
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=a5290800f5716a50ff53761164955be09a4e5581 |
||
libav-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
|
|
precise |
Released
(4:0.8.5ubuntu0.12.04.1)
|
|
quantal |
Released
(6:0.8.5ubuntu0.12.10.1)
|
|
upstream |
Released
(0.8.5)
|