CVE-2012-0852

Priority
Low
Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before
0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via an
ADPCM file with the number of channels not equal to two.
References
Bugs
Notes
 mdeslaur> as of 2012-05-22, no equivalent fix in libav
 mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
Assigned-to
mdeslaur
Package
Source: libav (LP Ubuntu Debian)
Upstream:released (0.8,0.6.6,0.7.6,)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:0.8.1-0ubuntu1)
Patches:
Upstream:http://git.libav.org/?p=libav.git;a=commit;h=bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Upstream:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:0.8.1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:28 UTC (commit 9756)