CVE-2008-3230
Published: 18 July 2008
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.
Notes
| Author | Note |
|---|---|
| mdeslaur | Reproducer is here: http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif?format=raw This is just a dos, and upstream fixed this by removing the gif demuxer which would cause a regression for a stable release, so I opt to not fix this... |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
|
|
| hardy |
Ignored
|
|
| intrepid |
Ignored
|
|
| upstream |
Needs triage
|
|
|
ffmpeg-debian Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Ignored
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/ffmpeg-debian/0.svn20080206-17/050_CVE-2008-3230.patch |
||