Your submission was sent successfully! Close

CVE-2015-5479

Published: 9 October 2015

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

From the Ubuntu security team

It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
artful Not vulnerable
(7:2.8.3-1)
bionic Not vulnerable
(7:2.8.3-1)
cosmic Not vulnerable
(7:2.8.3-1)
disco Not vulnerable
(7:2.8.3-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

vivid Not vulnerable
(7:2.5.9-0ubuntu0.15.04.1)
wily Not vulnerable
(7:2.7.3-0ubuntu0.15.10.1)
xenial Not vulnerable
(7:2.8.3-1)
yakkety Not vulnerable
(7:2.8.3-1)
zesty Not vulnerable
(7:2.8.3-1)
libav
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was released [4:0.8.17-0ubuntu0.12.04.2])
trusty Does not exist
(trusty was needed)
upstream Needs triage

vivid Ignored
(reached end-of-life)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist