CVE-2011-2161
Published: 20 May 2011
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
Notes
| Author | Note |
|---|---|
| mdeslaur | ffmpeg-extra in multiverse needs to have matching version PoC: http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Ignored
(end of life)
|
|
| lucid |
Released
(4:0.5.1-1ubuntu1.2)
|
|
| maverick |
Released
(4:0.6-2ubuntu6.2)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(0.5.4)
|
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18c5fe919f4b1818ebdf405812c5a2d16174688f upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f17b89278709423b7eb76d7ed5eec5f82df57329 |
||
|
ffmpeg-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Released
(4:0.5.1-1ubuntu1.3)
|
|
| maverick |
Released
(4:0.6-2ubuntu3.3)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
libav Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Not vulnerable
(4:0.6.2-1ubuntu1)
|
|
| oneiric |
Not vulnerable
(4:0.7~beta2-2ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=8312e3fc9041027a33c8bc667bb99740fdf41dd5 |
||
|
libav-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Not vulnerable
(4:0.6.2-1ubuntu1)
|
|
| oneiric |
Not vulnerable
(4:0.7~beta2-2ubuntu1)
|
|
| upstream |
Needs triage
|
|