PublicDateAtUSN: 2012-02-14
Candidate: CVE-2012-0851
PublicDate: 2012-08-20 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
 http://www.openwall.com/lists/oss-security/2012/02/14/4
 https://ubuntu.com/security/notices/USN-1479-1
 https://ubuntu.com/security/notices/USN-1478-1
Description:
 The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in
 FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause
 a denial of service (application crash) and possibly execute arbitrary code
 via a crafted H.264 file, related to the chroma_format_idc value.
Ubuntu-Description:
Notes:
 mdeslaur> in ffmpeg 0.5.x, issue is in h264.c
 mdeslaur> as of 2012-05-22, no fix in ffmpeg 0.5.x
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_ffmpeg:
 upstream: 7fff64e00d886fde11d61958888c82b461cf99b9
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: released (4:0.5.9-0ubuntu0.10.04.1)
maverick_ffmpeg: ignored (reached end-of-life)
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: released
maverick_ffmpeg-extra: ignored (reached end-of-life)
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=6ef4063957aa5025c8d2cd757b6a537e4b6874df
upstream_libav: released (0.6.6,0.7.6,0.8.3)
hardy_libav: DNE
lucid_libav: DNE
maverick_libav: DNE
natty_libav: released (4:0.6.6-0ubuntu0.11.04.1)
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.1)
precise_libav: released (4:0.8.3-0ubuntu0.12.04.1)
devel_libav: released (4:0.8.3-0ubuntu1)

Patches_libav-extra:
upstream_libav-extra: needs-triage
hardy_libav-extra: DNE
lucid_libav-extra: DNE
maverick_libav-extra: DNE
natty_libav-extra: released (4:0.6.6-0ubuntu0.11.04.1)
oneiric_libav-extra: released (4:0.7.6-0ubuntu0.11.10.1)
precise_libav-extra: released (4:0.8.3ubuntu0.12.04.1)
devel_libav-extra: released