Your submission was sent successfully! Close

CVE-2012-6617

Published: 24 December 2013

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream
Released
xenial Not vulnerable

ffmpeg
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Does not exist

upstream Not vulnerable
(debian: Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
xenial Not vulnerable

gst-libav1.0
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
gstreamer0.10-ffmpeg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

kino
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system ffmpeg)
focal Not vulnerable
(uses system ffmpeg)
groovy Not vulnerable
(uses system ffmpeg)
hirsute Not vulnerable
(uses system ffmpeg)
impish Not vulnerable
(uses system ffmpeg)
jammy Not vulnerable
(uses system ffmpeg)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system ffmpeg)
libav
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (6:9.11-1)
xenial Does not exist

mythtv
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
oxide-qt
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

qtwebengine-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

vice
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)

Notes

AuthorNote
amurray
The Debian chromium source package is called chromium-browser in
Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just
a script that installs the Chromium snap
sbeattie
kino uses the system ffmpeg libraries

References

Bugs