CVE-2008-3230
Published: 18 July 2008
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.
Notes
Author | Note |
---|---|
mdeslaur | Reproducer is here: http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif?format=raw This is just a dos, and upstream fixed this by removing the gif demuxer which would cause a regression for a stable release, so I opt to not fix this... |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
|
|
hardy |
Ignored
|
|
intrepid |
Ignored
|
|
upstream |
Needs triage
|
|
ffmpeg-debian Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Ignored
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/ffmpeg-debian/0.svn20080206-17/050_CVE-2008-3230.patch |