CVE-2011-3974
Published: 2 October 2011
Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package same commit as CVE-2011-3973 this is already fixed in CVE-2011-3362.patch |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(4:0.5.1-1ubuntu1.2)
|
|
maverick |
Not vulnerable
(4:0.6-2ubuntu6.2)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(0.7.4)
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56 vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Not vulnerable
(4:0.6.2-1ubuntu1.1)
|
|
oneiric |
Not vulnerable
(4:0.7.1-3ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78 |
||
libav-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Released
(4:0.6.4-1ubuntu1)
|
|
oneiric |
Not vulnerable
|
|
upstream |
Needs triage
|