CVE-2012-0852
Priority
Low
Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before
0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via an
ADPCM file with the number of channels not equal to two.
0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via an
ADPCM file with the number of channels not equal to two.
References
Notes
mdeslaur> as of 2012-05-22, no equivalent fix in libav
mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
Assigned-to
mdeslaur
Package
| Upstream: | released (0.8,0.6.6,0.7.6,) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | released (4:0.6.6-0ubuntu0.11.04.1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (4:0.7.6-0ubuntu0.11.10.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (4:0.8.1-0ubuntu1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (4:0.8.1-0ubuntu2) |
Patches:
| Upstream: | http://git.libav.org/?p=libav.git;a=commit;h=bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716 |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (4:0.5.9-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
Patches:
| Upstream: | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897 |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | released |
| Ubuntu 11.10 (Oneiric Ocelot): | released |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (4:0.8.1ubuntu1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (4:0.8.1ubuntu1) |