CVE-2012-2798

Published: 10 September 2012

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package

Priority

Status

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable (code not present)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (0.11)
	Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f
ffmpeg-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (code not present)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Needs triage
libav Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6-0ubuntu0.11.10.2)
	precise	Released (4:0.8.4-0ubuntu0.12.04.1)
	quantal	Released (6:0.8.4-0ubuntu0.12.10.1)
	upstream	Needs triage
	Patches: upstream: http://git.libav.org/?p=libav.git;a=commitdiff;h=d05f72c75445969cd7bdb1d860635c9880c67fb6
libav-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6ubuntu0.11.10.2)
	precise	Released (4:0.8.4ubuntu0.12.04.1)
	quantal	Released (6:0.8.4ubuntu0.12.10.1)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›