CVE-2011-1931

Priority
Description
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before
0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9
and earlier and other products, performs a write operation outside the
bounds of an unspecified array, which allows remote attackers to cause a
denial of service (memory corruption) or possibly execute arbitrary code
via a malformed AMV file.
Notes
 mdeslaur> ffmpeg-extra in multiverse needs to have matching version
 mdeslaur> debian states 0.5.x is not affected
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Package
Source: libav (LP Ubuntu Debian)
Upstream:released (4:0.6.2-3)
Package
Upstream:needs-triage
More Information

Updated: 2019-01-14 21:57:34 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)