CVE-2012-6617

Published: 24 December 2013

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	Upstream	Released

	Ubuntu 21.10 (Impish Indri)	Not vulnerable (code not present)
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (code not present)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (code not present)
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable
	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
ffmpeg Launchpad, Ubuntu, Debian	Upstream	Not vulnerable (debian: Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)

	Ubuntu 21.10 (Impish Indri)	Not vulnerable
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable
	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
gst-libav1.0 Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Needs triage
	Ubuntu 20.04 LTS (Focal Fossa)	Needs triage
	Ubuntu 18.04 LTS (Bionic Beaver)	Needs triage
	Ubuntu 16.04 ESM (Xenial Xerus)	Ignored (end of standard support, was needs-triage)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
gstreamer0.10-ffmpeg Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Does not exist
	Ubuntu 21.04 (Hirsute Hippo)	Does not exist
	Ubuntu 20.04 LTS (Focal Fossa)	Does not exist
	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
kino Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Not vulnerable (uses system ffmpeg)
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (uses system ffmpeg)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (uses system ffmpeg)
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (uses system ffmpeg)
	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (uses system ffmpeg)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
libav Launchpad, Ubuntu, Debian	Upstream	Released (6:9.11-1)

	Ubuntu 21.10 (Impish Indri)	Does not exist
	Ubuntu 21.04 (Hirsute Hippo)	Does not exist
	Ubuntu 20.04 LTS (Focal Fossa)	Does not exist
	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
mythtv Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Needs triage
	Ubuntu 20.04 LTS (Focal Fossa)	Needs triage
	Ubuntu 18.04 LTS (Bionic Beaver)	Needs triage
	Ubuntu 16.04 ESM (Xenial Xerus)	Ignored (end of standard support, was needs-triage)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
oxide-qt Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Does not exist
	Ubuntu 21.04 (Hirsute Hippo)	Does not exist
	Ubuntu 20.04 LTS (Focal Fossa)	Does not exist
	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 ESM (Xenial Xerus)	Needs triage
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Needs triage
	Ubuntu 20.04 LTS (Focal Fossa)	Needs triage
	Ubuntu 18.04 LTS (Bionic Beaver)	Needs triage
	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
vice Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 21.10 (Impish Indri)	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Needs triage
	Ubuntu 20.04 LTS (Focal Fossa)	Needs triage
	Ubuntu 18.04 LTS (Bionic Beaver)	Needs triage
	Ubuntu 16.04 ESM (Xenial Xerus)	Ignored (end of standard support, was needs-triage)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

Notes

Author	Note
amurray	The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur	starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
sbeattie	kino uses the system ffmpeg libraries

Author

Note

amurray

The Debian chromium source package is called chromium-browser in
Ubuntu

mdeslaur

starting with Ubuntu 19.10, the chromium-browser package is just
a script that installs the Chromium snap

sbeattie

kino uses the system ffmpeg libraries

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›