CVE-2012-2803
Published: 10 September 2012
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(4:0.5.9-0ubuntu0.10.04.3)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(0.11)
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=582368626188c070d4300913c6da5efa4c24cfb2 |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(4:0.5.9-0ubuntu0.10.04.3)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Released
(4:0.7.6-0ubuntu0.11.10.3)
|
|
precise |
Released
(4:0.8.5-0ubuntu0.12.04.1)
|
|
quantal |
Released
(6:0.8.5-0ubuntu0.12.10.1)
|
|
upstream |
Released
(0.8.5)
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=56c1e18a5225f2737f91e6028f114f56d7ca802a |
||
libav-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Released
(4:0.7.6ubuntu0.11.10.3)
|
|
precise |
Released
(4:0.8.5ubuntu0.12.04.1)
|
|
quantal |
Released
(6:0.8.5ubuntu0.12.10.1)
|
|
upstream |
Released
(0.8.5)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2803
- http://www.openwall.com/lists/oss-security/2012/09/02/4
- http://www.openwall.com/lists/oss-security/2012/08/31/3
- http://secunia.com/advisories/50468
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a
- http://ffmpeg.org/security.html
- https://ubuntu.com/security/notices/USN-1706-1
- https://ubuntu.com/security/notices/USN-1705-1
- NVD
- Launchpad
- Debian