CVE-2011-2162
Published: 20 May 2011
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version this CVE likely originates from the Mandriva update announcement here: http://lwn.net/Alerts/436853/ they have three patches from google: ffmpeg-mov_dref_looping.patch: http://git.videolan.org/?p=ffmpeg.git;a=commit;f=libavformat/mov.c;h=0e7d436d924a42ef6e8ab628a1f10d72801d1395 not security - see thread here: http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2010-March/094630.html ffmpeg-mp3_outlen.patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/31_mp3_outlen.patch?revision=25031&view=markup&pathrev=28635 http://git.libav.org/?p=libav.git;a=commit;f=libavcodec/mpegaudiodec.c;h=45a014d75efd043aa432b87869f898e552cbbb75 all releases have this commit already ffmpeg-vorbis_zero_samplerate.patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/41_vorbis_zero_samplerate.patch?revision=25230&view=markup&pathrev=28635 SIGFPE = not security http://git.libav.org/?p=libav.git;a=commit;f=libavformat/oggparsevorbis.c;h=ce20edb7bd6c1768ef5f4d181d7ba27a0e7945bd Marking as ignored |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
lucid |
Ignored
|
|
maverick |
Ignored
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
ffmpeg-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Ignored
|
|
maverick |
Ignored
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Ignored
|
|
upstream |
Needs triage
|
|
libav-extra Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Ignored
|
|
upstream |
Needs triage
|