CVE-2012-0947

Published: 3 May 2012

Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.

Notes

Author: jdstrand
Note: Independently discovered in ffmpeg by Mateusz Jurczyk and Gynvael Coldwind

Author: mdeslaur
Note: as of 2012-05-22, no fix in libav 0.6.x

Priority

Medium

Status

Package: ffmpeg
Release     Status
hardy       Ignored (end of life)
lucid       Released (4:0.5.9-0ubuntu0.10.04.1)
natty       Does not exist
oneiric     Does not exist
precise     Does not exist
upstream    Released (0.5.9)
Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3

Package: ffmpeg-extra
Release     Status
hardy       Does not exist
lucid       Released
natty       Does not exist
oneiric     Does not exist
precise     Does not exist
upstream    Needs triage

Package: libav
Release     Status
hardy       Does not exist
lucid       Does not exist
natty       Released (4:0.6.6-0ubuntu0.11.04.1)
oneiric     Released (4:0.7.6-0ubuntu0.11.10.1)
precise     Released (4:0.8.3-0ubuntu0.12.04.1)
upstream    Released (0.6.6,0.7.6,0.8.2)
Patches:
upstream: http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3
other: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963

Package: libav-extra
Release     Status
hardy       Does not exist
lucid       Does not exist
maverick    Does not exist
natty       Released (4:0.6.6-0ubuntu0.11.04.1)
oneiric     Released (4:0.7.6-0ubuntu0.11.10.1)
precise     Released (4:0.8.3-0ubuntu0.12.04.1)
upstream    Needs triage