1
Candidate: CVE-2011-3974
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974
6
Integer signedness error in the decode_residual_inter function in cavsdec.c
7
in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote
8
attackers to cause a denial of service (incorrect write operation and
9
application crash) via an invalid bitstream in a Chinese AVS video (aka
10
CAVS) file, a different vulnerability than CVE-2011-3362.
13
mdeslaur> ffmpeg-extra in multiverse needs to have matching version
14
mdeslaur> libav-extra is built with tarball produced by libav package
15
mdeslaur> same commit as CVE-2011-3973
16
mdeslaur> this is already fixed in CVE-2011-3362.patch
23
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56
24
vendor: http://lists.debian.org/debian-security-announce/2011/msg00216.html
25
upstream_ffmpeg: released (0.7.4)
26
hardy_ffmpeg: ignored (reached end-of-life)
27
lucid_ffmpeg: not-affected (4:0.5.1-1ubuntu1.2)
28
maverick_ffmpeg: not-affected (4:0.6-2ubuntu6.2)
34
upstream_ffmpeg-extra: needs-triage
35
hardy_ffmpeg-extra: DNE
36
lucid_ffmpeg-extra: not-affected
37
maverick_ffmpeg-extra: not-affected
38
natty_ffmpeg-extra: DNE
39
oneiric_ffmpeg-extra: DNE
40
devel_ffmpeg-extra: DNE
43
upstream: http://git.libav.org/?p=libav.git;a=commit;h=4a71da0f3ab7f5542decd11c81994f849d5b2c78
44
upstream_libav: needs-triage
48
natty_libav: not-affected (4:0.6.2-1ubuntu1.1)
49
oneiric_libav: not-affected (4:0.7.1-3ubuntu1)
50
devel_libav: not-affected (4:0.7.1-3ubuntu1)
53
upstream_libav-extra: needs-triage
54
hardy_libav-extra: DNE
55
lucid_libav-extra: DNE
56
maverick_libav-extra: DNE
57
natty_libav-extra: released (4:0.6.4-1ubuntu1)
58
oneiric_libav-extra: not-affected
59
devel_libav-extra: not-affected