CVE-2012-2788

Published: 10 September 2012

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package

Priority

Status

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (4:0.5.9-0ubuntu0.10.04.2)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Needs triage
	Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a
ffmpeg-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (4:0.5.9-0ubuntu0.10.04.2)
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	upstream	Needs triage
libav Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6-0ubuntu0.11.10.2)
	precise	Released (4:0.8.4-0ubuntu0.12.04.1)
	quantal	Released (6:0.8.4-0ubuntu0.12.10.1)
	upstream	Needs triage
	Patches: upstream: http://git.libav.org/?p=libav.git;a=commitdiff;h=0af49a63c7f87876486ab09482d5b26b95abce60
libav-extra Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Released (4:0.7.6ubuntu0.11.10.2)
	precise	Released (4:0.8.4ubuntu0.12.04.1)
	quantal	Released (6:0.8.4ubuntu0.12.10.1)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›