Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-3929

Published: 13 May 2012

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

Notes

AuthorNote
mdeslaur 
ffmpeg-extra in multiverse needs to have matching version
libav-extra is built with tarball produced by libav package

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid
Released (4:0.5.9-0ubuntu0.10.04.1)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (0.5.9)
Patches:
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5a396bb3a66a61a68b80f2369d0249729bf85e04
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366



ffmpeg-extra
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid
Released
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

libav
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty
Released (4:0.6.6-0ubuntu0.11.04.1)
oneiric
Released (4:0.7.6-0ubuntu0.11.10.1)
precise Not vulnerable
(4:0.8.1-0ubuntu1)
upstream
Released (0.6.6,0.7.5,0.8.1)
Patches:



upstream: http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b
upstream: http://git.libav.org/?p=libav.git;a=commit;h=5a396bb3a66a61a68b80f2369d0249729bf85e04
upstream: http://git.libav.org/?p=libav.git;a=commit;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366
libav-extra
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty
Released
oneiric
Released
precise Not vulnerable
(4:0.8.1ubuntu1)
upstream Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading