CVE-2012-0851 (retired)

Priority
Description
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in
FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause
a denial of service (application crash) and possibly execute arbitrary code
via a crafted H.264 file, related to the chroma_format_idc value.
Notes
 mdeslaur> in ffmpeg 0.5.x, issue is in h264.c
 mdeslaur> as of 2012-05-22, no fix in ffmpeg 0.5.x
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Patches:
Upstream:7fff64e00d886fde11d61958888c82b461cf99b9
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Package
Source: libav (LP Ubuntu Debian)
Upstream:released (0.6.6,0.7.6,0.8.3)
Ubuntu 12.04 ESM (Precise Pangolin):released (4:0.8.3-0ubuntu1)
Patches:
Upstream:http://git.libav.org/?p=libav.git;a=commit;h=6ef4063957aa5025c8d2cd757b6a537e4b6874df
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released
More Information

Updated: 2019-03-26 12:00:46 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)