CVE-2011-3504

Priority
Description
The Matroska format decoder in FFmpeg before 0.8.3 does not properly
allocate memory, which allows remote attackers to execute arbitrary code
via a crafted file.
Assigned-to
mdeslaur
Notes
mdeslaurffmpeg-extra in multiverse needs to have matching version
libav-extra is built with tarball produced by libav package
tyhicksThe Mitre description references MSVR11-011, while the upstream
commit message references MSVR11-080, which does not exist. I believe
there may have been a typo in the commit message.
I believe the ffmpeg commit 77d2ef13 was for the 0.8.3 release and
956c901c was the backport for the 0.7.5 release.
The older ffmpeg packages in lucid and maverick look to have the same
vulnerable code.
Package
Upstream:needed
Package
Upstream:needed
More Information

Updated: 2019-12-05 20:57:50 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)