Candidate: CVE-2011-3937
PublicDate: 2013-01-05 00:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3937
Description:
 The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x
 before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x
 before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
 0.8.1 has unspecified impact and attack vectors related to "width/height
 changing with frame threads."
Ubuntu-Description: 
Notes: 
 mdeslaur> ffmpeg-extra in multiverse needs to have matching version
 mdeslaur> libav-extra is built with tarball produced by libav package
 mdeslaur> libav upstream says fixed multithreaded decoding which was
 mdeslaur> introduced in 0.7, so older releases not affected.
Bugs: 
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 
 
Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: not-affected
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: not-affected
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba
upstream_libav: released (0.7.5,0.8.1)
hardy_libav: DNE
lucid_libav: DNE
natty_libav: not-affected
oneiric_libav: not-affected
precise_libav: not-affected (4:0.8.1-0ubuntu1)
devel_libav: not-affected (4:0.8.1-0ubuntu2)

Patches_libav-extra:
upstream_libav-extra: needs-triage
hardy_libav-extra: DNE
lucid_libav-extra: DNE
natty_libav-extra: not-affected
oneiric_libav-extra: not-affected
precise_libav-extra: not-affected (4:0.8.1ubuntu1)
devel_libav-extra: not-affected (4:0.8.1ubuntu1)