PublicDateAtUSN: 2012-12-12
Candidate: CVE-2012-5144
PublicDate: 2012-12-12 11:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5144
 http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html
 https://code.google.com/p/chromium/issues/detail?id=161639
 https://ubuntu.com/security/notices/USN-1705-1
Description:
 Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x
 before 0.8.5, do not properly perform AAC decoding, which allows remote
 attackers to cause a denial of service (stack memory corruption) or
 possibly have unspecified other impact via vectors related to "an
 off-by-one overwrite when switching to LTP profile from MAIN."
Ubuntu-Description:
Notes:
 jdstrand> stack memory suggests stack-protector could reduce this to a denial
  of service
 mdeslaur> code is different in 0.5.x
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_chromium-browser:
upstream_chromium-browser: released (23.0.1271.97)
hardy_chromium-browser: DNE
lucid_chromium-browser: released (3.0.1271.97-0ubuntu0.10.04.1)
oneiric_chromium-browser: released (3.0.1271.97-0ubuntu0.11.10.1)
precise_chromium-browser: released (3.0.1271.97-0ubuntu0.12.04.1)
quantal_chromium-browser: released (3.0.1271.97-0ubuntu0.12.10.1)
devel_chromium-browser: released (24.0.1312.56-0ubuntu1)

Patches_ffmpeg:
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: not-affected
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
quantal_ffmpeg: DNE
devel_ffmpeg: DNE

Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: not-affected
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
quantal_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE

Patches_libav:
 upstream: http://git.libav.org/?p=libav.git;a=commit;h=a4a63bf5b55f9b42b752301ae417ee3f50f5a594
upstream_libav: released (0.8.5)
hardy_libav: DNE
lucid_libav: DNE
natty_libav: ignored (reached end-of-life)
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.3)
precise_libav: released (4:0.8.5-0ubuntu0.12.04.1)
quantal_libav: released (6:0.8.5-0ubuntu0.12.10.1)
devel_libav: released (6:0.8.5-0ubuntu1)

Patches_libav-extra:
upstream_libav-extra: released (0.8.5)
hardy_libav-extra: DNE
lucid_libav-extra: DNE
natty_libav-extra: ignored (reached end-of-life)
oneiric_libav-extra: released (4:0.7.6ubuntu0.11.10.3)
precise_libav-extra: released (4:0.8.5ubuntu0.12.04.1)
quantal_libav-extra: released (6:0.8.5ubuntu0.12.10.1)
devel_libav-extra: released (6:0.8.5ubuntu1)