CVE-2012-0852

Priority
Low
Description
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before
0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via an
ADPCM file with the number of channels not equal to two.
References
Bugs
Notes
mdeslaur> as of 2012-05-22, no equivalent fix in libav
mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
Assigned-to
mdeslaur
Package
Source: libav (LP Ubuntu Debian)
Upstream:released (0.8,0.6.6,0.7.6,)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):released (4:0.6.6-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (4:0.7.6-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:0.8.1-0ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4:0.8.1-0ubuntu2)
Patches:
Upstream:http://git.libav.org/?p=libav.git;a=commit;h=bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (4:0.5.9-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Patches:
Upstream:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):released
Ubuntu 11.10 (Oneiric Ocelot):released
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:0.8.1ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4:0.8.1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-08-22 22:14:30 UTC (commit 5659)