1
PublicDateAtUSN: 2012-05-13
2
Candidate: CVE-2011-3936
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
6
https://usn.ubuntu.com/usn/usn-1479-1
7
https://usn.ubuntu.com/usn/usn-1478-1
9
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12
10
and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before
11
0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers
12
to cause a denial of service (out-of-bounds read and application crash) via
16
mdeslaur> ffmpeg-extra in multiverse needs to have matching version
17
mdeslaur> libav-extra is built with tarball produced by libav package
18
mdeslaur> see patches for CVE-2011-3929
21
Discovered-by: Mateusz Jurczyk and Gynvael Coldwind
25
upstream_ffmpeg: released (0.5.9)
26
hardy_ffmpeg: ignored (reached end-of-life)
27
lucid_ffmpeg: released (4:0.5.9-0ubuntu0.10.04.1)
34
upstream_ffmpeg-extra: needs-triage
35
hardy_ffmpeg-extra: DNE
36
lucid_ffmpeg-extra: released
37
natty_ffmpeg-extra: DNE
38
oneiric_ffmpeg-extra: DNE
39
precise_ffmpeg-extra: DNE
40
devel_ffmpeg-extra: DNE
43
upstream_libav: released (0.6.6,0.7.5,0.8.1)
46
natty_libav: released (4:0.6.6-0ubuntu0.11.04.1)
47
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.1)
48
precise_libav: not-affected (4:0.8.1-0ubuntu1)
49
devel_libav: not-affected (4:0.8.1-0ubuntu2)
52
upstream_libav-extra: needs-triage
53
hardy_libav-extra: DNE
54
lucid_libav-extra: DNE
55
natty_libav-extra: released
56
oneiric_libav-extra: released
57
precise_libav-extra: not-affected (4:0.8.1ubuntu1)
58
devel_libav-extra: not-affected (4:0.8.1ubuntu1)