CVE-2011-2161
Published: 20 May 2011
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version PoC: http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
lucid |
Released
(4:0.5.1-1ubuntu1.2)
|
|
maverick |
Released
(4:0.6-2ubuntu6.2)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(0.5.4)
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18c5fe919f4b1818ebdf405812c5a2d16174688f upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f17b89278709423b7eb76d7ed5eec5f82df57329 |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Released
(4:0.5.1-1ubuntu1.3)
|
|
maverick |
Released
(4:0.6-2ubuntu3.3)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Not vulnerable
(4:0.6.2-1ubuntu1)
|
|
oneiric |
Not vulnerable
(4:0.7~beta2-2ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.libav.org/?p=libav.git;a=commit;h=8312e3fc9041027a33c8bc667bb99740fdf41dd5 |
||
libav-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Not vulnerable
(4:0.6.2-1ubuntu1)
|
|
oneiric |
Not vulnerable
(4:0.7~beta2-2ubuntu1)
|
|
upstream |
Needs triage
|