CVE-2008-4868

Priority
Low
Description
Unspecified vulnerability in the avcodec_close function in
libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has
unknown impact and attack vectors, related to a free "on random pointers."
References
Bugs
Notes
mdeslaur> Code in ffmpeg in gutsy, hardy, intrepid and jaunty doesn't free, so not vulnerable.
mdeslaur> kino is built with --disable-local-ffmpeg, so it's not vulnerable
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (code not present)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Introduced:http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=03bbae75cfbdac8012251eceb5748430f34c83d9
Upstream:http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14766&r2=14787
Upstream:http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14787&r2=14788 (related? incomplete...)
Upstream:http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=e0c16d7619617d726f5fa4f586ff74a43f445a89
Upstream:http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=be8ff464977e36d7784a2dd1a9cb1a6d32ef4574
Package
Source: kino (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (uses system ffmpeg)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (uses system ffmpeg)
Ubuntu 11.04 (Natty Narwhal):not-affected (uses system ffmpeg)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (uses system ffmpeg)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (uses system ffmpeg)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (uses system ffmpeg)
Ubuntu 11.04 (Natty Narwhal):not-affected (uses system ffmpeg)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (uses system ffmpeg)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (uses system ffmpeg)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (code not present)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 11.04 (Natty Narwhal):not-affected (code not present)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:19:12 UTC (commit 5347)