PublicDateAtUSN: 2012-02-14
Candidate: CVE-2012-0852
PublicDate: 2012-08-20 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
 http://www.openwall.com/lists/oss-security/2012/02/14/4
 https://ubuntu.com/security/notices/USN-1479-1
 https://ubuntu.com/security/notices/USN-1478-1
Description:
 The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before
 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of
 service (application crash) and possibly execute arbitrary code via an
 ADPCM file with the number of channels not equal to two.
Ubuntu-Description:
Notes:
 mdeslaur> as of 2012-05-22, no equivalent fix in libav
 mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
Bugs:
 https://ffmpeg.org/trac/ffmpeg/ticket/794
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: released (4:0.5.9-0ubuntu0.10.04.1)
maverick_ffmpeg: ignored (reached end-of-life)
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: released
maverick_ffmpeg-extra: ignored (reached end-of-life)
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716
upstream_libav: released (0.8,0.6.6,0.7.6,)
hardy_libav: DNE
lucid_libav: DNE
maverick_libav: DNE
natty_libav: released (4:0.6.6-0ubuntu0.11.04.1)
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.1)
precise_libav: not-affected (4:0.8.1-0ubuntu1)
devel_libav: not-affected (4:0.8.1-0ubuntu2)

Patches_libav-extra:
upstream_libav-extra: needs-triage
hardy_libav-extra: DNE
lucid_libav-extra: DNE
maverick_libav-extra: DNE
natty_libav-extra: released
oneiric_libav-extra: released
precise_libav-extra: not-affected (4:0.8.1ubuntu1)
devel_libav-extra: not-affected (4:0.8.1ubuntu1)