CVE-2013-2276
Published: 27 February 2013
The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.
Notes
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package |
jdstrand | avcodec_decode_audio4() does not exist in ffmpeg in Ubuntu 10.04 LTS or libav in Ubuntu 11.10 avcodec_decode_audio4() exists in Ubuntu 12.04 LTS and higher, but does not support skipping samples |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(code-not-present)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48 |
||
ffmpeg-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
libav Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
(code-not-present)
|
|
precise |
Not vulnerable
(code-not-present)
|
|
quantal |
Not vulnerable
(code-not-present)
|
|
upstream |
Needs triage
|
|
libav-extra Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
upstream |
Needs triage
|