1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
PublicDateAtUSN: 2012-09-10
Candidate: CVE-2012-2784
PublicDate: 2012-09-10
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2784
http://www.openwall.com/lists/oss-security/2012/09/02/4
http://www.openwall.com/lists/oss-security/2012/08/31/3
http://secunia.com/advisories/50468
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45
http://ffmpeg.org/security.html
http://www.ubuntu.com/usn/usn-1630-1
http://www.ubuntu.com/usn/usn-1675-1
http://www.ubuntu.com/usn/usn-1674-1
Description:
Unspecified vulnerability in the decode_pic function in
libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7
and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to
"width/height changing in CAVS," a different vulnerability than
CVE-2012-2777.
Ubuntu-Description:
Notes:
mdeslaur> ffmpeg-extra in multiverse needs to have matching version
mdeslaur> libav-extra is built with tarball produced by libav package
mdeslayr> same commit as CVE-2012-2777
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_ffmpeg:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45
upstream_ffmpeg: needs-triage
hardy_ffmpeg: ignored (reached end-of-life)
lucid_ffmpeg: released (4:0.5.9-0ubuntu0.10.04.2)
natty_ffmpeg: DNE
oneiric_ffmpeg: DNE
precise_ffmpeg: DNE
quantal_ffmpeg: DNE
devel_ffmpeg: DNE
Patches_ffmpeg-extra:
upstream_ffmpeg-extra: needs-triage
hardy_ffmpeg-extra: DNE
lucid_ffmpeg-extra: released (4:0.5.9-0ubuntu0.10.04.2)
natty_ffmpeg-extra: DNE
oneiric_ffmpeg-extra: DNE
precise_ffmpeg-extra: DNE
quantal_ffmpeg-extra: DNE
devel_ffmpeg-extra: DNE
Patches_libav:
upstream: http://git.libav.org/?p=libav.git;a=commit;h=c20a69630619d14ae92c5541d52c579d7c8f3e94 (trunk)
upstream_libav: needs-triage
hardy_libav: DNE
lucid_libav: DNE
natty_libav: ignored (reached end-of-life)
oneiric_libav: released (4:0.7.6-0ubuntu0.11.10.2)
precise_libav: released (4:0.8.4-0ubuntu0.12.04.1)
quantal_libav: released (6:0.8.4-0ubuntu0.12.10.1)
devel_libav: not-affected (6:0.8.4-0ubuntu0.12.10.1)
Patches_libav-extra:
upstream_libav-extra: needs-triage
hardy_libav-extra: DNE
lucid_libav-extra: DNE
natty_libav-extra: ignored (reached end-of-life)
oneiric_libav-extra: released (4:0.7.6ubuntu0.11.10.2)
precise_libav-extra: released (4:0.8.4ubuntu0.12.04.1)
quantal_libav-extra: released (6:0.8.4ubuntu0.12.10.1)
devel_libav-extra: not-affected (6:0.8.4ubuntu0.12.10.1)
|