Candidate: CVE-2010-4705
PublicDate: 2011-01-22 22:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4705
Description:
 Integer overflow in the vorbis_residue_decode_internal function in
 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has
 unspecified impact and remote attack vectors, related to the sizes of
 certain integer data types. NOTE: this might overlap CVE-2011-0480.
Ubuntu-Description:
Notes:
 mdeslaur> 0.5.x and 0.6.x don't have affected code
Bugs:
 https://roundup.ffmpeg.org/issue2322
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611495
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ffmpeg:
 upstream: http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=366d919016a679d3955f6fe5278fa7ce4f47b81e
upstream_ffmpeg: released
dapper_ffmpeg: ignored (reached end-of-life)
hardy_ffmpeg: not-affected (3:0.cvs20070307-5ubuntu7.5)
karmic_ffmpeg: not-affected (4:0.5+svn20090706-2ubuntu2.2)
lucid_ffmpeg: not-affected (4:0.5.1-1ubuntu1)
maverick_ffmpeg: not-affected (4:0.6-2ubuntu6)
devel_ffmpeg: not-affected (4:0.6.1-5ubuntu1)