Your submission was sent successfully! Close


Published: 9 October 2015

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

From the Ubuntu security team

It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.



CVSS 3 base score: 6.5


Package Release Status
Launchpad, Ubuntu, Debian
artful Not vulnerable
bionic Not vulnerable
cosmic Not vulnerable
disco Not vulnerable
precise Does not exist

trusty Does not exist

upstream Needs triage

vivid Not vulnerable
wily Not vulnerable
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was released [4:0.8.17-0ubuntu0.12.04.2])
trusty Does not exist
(trusty was needed)
upstream Needs triage

vivid Ignored
(reached end-of-life)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist