Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-3974

Published: 2 October 2011

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

Notes

AuthorNote
mdeslaur
ffmpeg-extra in multiverse needs to have matching version
libav-extra is built with tarball produced by libav package
same commit as CVE-2011-3973
this is already fixed in CVE-2011-3362.patch

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid Not vulnerable
(4:0.5.1-1ubuntu1.2)
maverick Not vulnerable
(4:0.6-2ubuntu6.2)
natty Does not exist

oneiric Does not exist

upstream
Released (0.7.4)
Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56
vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html

ffmpeg-extra
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Does not exist

oneiric Does not exist

upstream Needs triage

libav
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Not vulnerable
(4:0.6.2-1ubuntu1.1)
oneiric Not vulnerable
(4:0.7.1-3ubuntu1)
upstream Needs triage

Patches:


upstream: http://git.libav.org/?p=libav.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78
libav-extra
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty
Released (4:0.6.4-1ubuntu1)
oneiric Not vulnerable

upstream Needs triage