PublicDateAtUSN: 2012-02-14
Candidate: CVE-2012-0858
PublicDate: 2012-08-20 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
 http://www.openwall.com/lists/oss-security/2012/02/14/4
 https://ubuntu.com/security/notices/USN-1479-1
 https://ubuntu.com/security/notices/USN-1478-1
Description:
 The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12
 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before
 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers
 to cause a denial of service (application crash) and possibly execute
 arbitrary code via a crafted Shorten file, related to an "invalid free".
Ubuntu-Description:
Notes:
 mdeslaur> as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_ffmpeg:
 upstream: 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c (related)
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: released (4:0.5.9-0ubuntu0.10.04.1)
maverick_ffmpeg: ignored (reached end-of-life)
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: released
maverick_ffmpeg-extra: ignored (reached end-of-life)
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c (related)
upstream_libav: released (0.6.6,0.7.5,0.8.1)
hardy_libav: DNE
lucid_libav: DNE
maverick_libav: DNE
natty_libav: released (4:0.6.6-0ubuntu0.11.04.1)
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.1)
precise_libav: not-affected (4:0.8.1-0ubuntu1)
devel_libav: not-affected (4:0.8.1-0ubuntu2)

Patches_libav-extra:
upstream_libav-extra: needs-triage
hardy_libav-extra: DNE
lucid_libav-extra: DNE
natty_libav-extra: released
oneiric_libav-extra: released
precise_libav-extra: not-affected (4:0.8.1ubuntu1)
devel_libav-extra: not-affected (4:0.8.1ubuntu1)