Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-0850

Published: 14 February 2012

The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.

Notes

AuthorNote
mdeslaur
as of 2012-05-22, no fix in libav 0.6.x and 0.7.x
code not present in ffmpeg 0.5.x

Priority

Medium

Status

Package Release Status
libav
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty
Released (4:0.6.6-0ubuntu0.11.04.1)
oneiric
Released (4:0.7.6-0ubuntu0.11.10.1)
precise Not vulnerable
(4:0.8.1-0ubuntu1)
upstream
Released (0.8.0,0.7.6,0.6.6)
Patches:

upstream: http://git.libav.org/?p=libav.git;a=commit;h=17ce52912f59a74ecc265e062578fb1181456e18
ffmpeg
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid Not vulnerable
(code not present)
maverick Ignored
(end of life)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b

ffmpeg-extra
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(code not present)
maverick Ignored
(end of life)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

libav-extra
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty
Released
oneiric
Released
precise Not vulnerable
(4:0.8.1ubuntu1)
upstream Needs triage