Candidate: CVE-2011-2160
PublicDate: 2011-05-20 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2160
Description:
 The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer
 and other products, does not properly restrict read operations, which
 allows remote attackers to have an unspecified impact via a crafted VC-1
 file, a related issue to CVE-2011-0723.
Ubuntu-Description:
Notes:
 mdeslaur> ffmpeg-extra in multiverse needs to have matching version
 mdeslaur> we already fixed this as part of CVE-2011-0723
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8069e2f6fbd79e3d3d2ba17f5f097475b43e2921
upstream_ffmpeg: released (0.5.4)
dapper_ffmpeg: ignored (reached end-of-life)
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: released (4:0.5.1-1ubuntu1.1)
maverick_ffmpeg: not-affected (0.6-2ubuntu6)
natty_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: released (0.5.4)
dapper_ffmpeg-extra: DNE
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: released (4:0.5.1-1ubuntu1.1)
maverick_ffmpeg-extra: not-affected (0.6-2ubuntu6)
natty_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
upstream_libav: not-affected
dapper_libav: DNE
hardy_libav: DNE
lucid_libav: DNE
maverick_libav: DNE
natty_libav: not-affected
devel_libav: not-affected

Patches_libav-extra:
upstream_libav-extra: not-affected
dapper_libav-extra: DNE
hardy_libav-extra: DNE
lucid_libav-extra: DNE
maverick_libav-extra: DNE
natty_libav-extra: not-affected
devel_libav-extra: not-affected