CVE-2011-4031 (retired)

Priority
Description
Integer underflow in the asfrtp_parse_packet function in
libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to
execute arbitrary code via a crafted ASF packet.
Notes
 mdeslaur> ffmpeg-extra in multiverse needs to have matching version
 mdeslaur> libav-extra is built with tarball produced by libav package
 mdeslaur> code not present in ffmpeg 0.5.x
 mdeslaur> libav upstream says 0.6.x is not affected
Package
Upstream:released (0.8.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Patches:
Upstream:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ba9a7e0d71bd34f8b89ae99322b62a310be163a6
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Source: libav (LP Ubuntu Debian)
Upstream:released (0.8.0,0.7.6)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (4:0.8.1-0ubuntu2)
Patches:
Upstream:http://git.libav.org/?p=libav.git;a=commit;h=5ea091fb5a12dc0210b8efdf30b573b87e21652b
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (4:0.8.1ubuntu1)
More Information

Updated: 2019-03-26 11:58:58 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)