Candidate: CVE-2011-3974 PublicDate: 2011-10-02 20:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974 Description: Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362. Ubuntu-Description: Notes: mdeslaur> ffmpeg-extra in multiverse needs to have matching version mdeslaur> libav-extra is built with tarball produced by libav package mdeslaur> same commit as CVE-2011-3973 mdeslaur> this is already fixed in CVE-2011-3362.patch Bugs: Priority: medium Discovered-by: Assigned-to: mdeslaur CVSS: Patches_ffmpeg: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56 vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html upstream_ffmpeg: released (0.7.4) hardy_ffmpeg: ignored (reached end-of-life) lucid_ffmpeg: not-affected (4:0.5.1-1ubuntu1.2) maverick_ffmpeg: not-affected (4:0.6-2ubuntu6.2) natty_ffmpeg: DNE oneiric_ffmpeg: DNE devel_ffmpeg: DNE Patches_ffmpeg-extra: upstream_ffmpeg-extra: needs-triage hardy_ffmpeg-extra: DNE lucid_ffmpeg-extra: not-affected maverick_ffmpeg-extra: not-affected natty_ffmpeg-extra: DNE oneiric_ffmpeg-extra: DNE devel_ffmpeg-extra: DNE Patches_libav: upstream: http://git.libav.org/?p=libav.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78 upstream_libav: needs-triage hardy_libav: DNE lucid_libav: DNE maverick_libav: DNE natty_libav: not-affected (4:0.6.2-1ubuntu1.1) oneiric_libav: not-affected (4:0.7.1-3ubuntu1) devel_libav: not-affected (4:0.7.1-3ubuntu1) Patches_libav-extra: upstream_libav-extra: needs-triage hardy_libav-extra: DNE lucid_libav-extra: DNE maverick_libav-extra: DNE natty_libav-extra: released (4:0.6.4-1ubuntu1) oneiric_libav-extra: not-affected devel_libav-extra: not-affected