CVE-2012-2800

Published: 10 September 2012

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package

Priority

Status

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable (code not present)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Released (0.11)
	Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7
ffmpeg-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (code not present)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Needs triage
libav Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6-0ubuntu0.11.10.2)
	precise	Released (4:0.8.4-0ubuntu0.12.04.1)
	quantal	Released (6:0.8.4-0ubuntu0.12.10.1)
	upstream	Needs triage
	Patches: upstream: http://git.libav.org/?p=libav.git;a=commitdiff;h=ae3da0ae5550053583a6f281ea7fd940497ea0d1
libav-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6ubuntu0.11.10.2)
	precise	Released (4:0.8.4ubuntu0.12.04.1)
	quantal	Released (6:0.8.4ubuntu0.12.10.1)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›