CVE-2012-2802
Published: 10 September 2012
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version. libav-extra is built with tarball produced by libav package. cannot locate equivalent libav patch, even though 0.8.4 is supposed to fix it. libav 0.8.5 also says it fixes it, but still cannot locate patch |
jdstrand | looking at the logic in the videolan patch and the code in ffmpeg, this may not affect the version of ffmpeg in Ubuntu 10.04 LTS |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg | hardy | Ignored (end of life) |
ffmpeg | lucid | Ignored |
ffmpeg | natty | Does not exist |
ffmpeg | oneiric | Does not exist |
ffmpeg | precise | Does not exist |
ffmpeg | quantal | Does not exist |
ffmpeg | raring | Does not exist |
ffmpeg | saucy | Does not exist |
ffmpeg | upstream | Released (0.11) |
ffmpeg-extra | hardy | Does not exist |
ffmpeg-extra | lucid | Ignored |
ffmpeg-extra | natty | Does not exist |
ffmpeg-extra | oneiric | Does not exist |
ffmpeg-extra | precise | Does not exist |
ffmpeg-extra | quantal | Does not exist |
ffmpeg-extra | raring | Does not exist |
ffmpeg-extra | saucy | Does not exist |
ffmpeg-extra | upstream | Needs triage |
libav | hardy | Does not exist |
libav | lucid | Does not exist |
libav | natty | Ignored (end of life) |
libav | oneiric | Released (4:0.7.6-0ubuntu0.11.10.3) |
libav | precise | Released (4:0.8.4-0ubuntu0.12.04.1) |
libav | quantal | Released (6:0.8.4-0ubuntu0.12.10.1) |
libav | raring | Released (6:0.8.4-0ubuntu0.12.10.1) |
libav | saucy | Released (6:0.8.4-0ubuntu0.12.10.1) |
libav | upstream | Needs triage |
libav-extra | hardy | Does not exist |
libav-extra | lucid | Does not exist |
libav-extra | natty | Ignored (end of life) |
libav-extra | oneiric | Released (4:0.7.6ubuntu0.11.10.3) |
libav-extra | precise | Released (4:0.8.4ubuntu0.12.04.1) |
libav-extra | quantal | Released (6:0.8.4ubuntu0.12.10.1) |
libav-extra | raring | Released (6:0.8.4ubuntu0.12.10.1) |
libav-extra | saucy | Released (6:0.8.4ubuntu0.12.10.1) |
libav-extra | upstream | Needs triage |

Patches (ffmpeg): upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c22701c371c2f3dea21fcdbb97c981939fb77af
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2802
- http://www.openwall.com/lists/oss-security/2012/09/02/4
- http://www.openwall.com/lists/oss-security/2012/08/31/3
- http://secunia.com/advisories/50468
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c22701c371c2f3dea21fcdbb97c981939fb77af
- http://ffmpeg.org/security.html
- https://ubuntu.com/security/notices/USN-1630-1
- https://ubuntu.com/security/notices/USN-1705-1
- NVD
- Launchpad
- Debian