nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before
0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of
service (out-of-bounds read and write) via a crafted NSV file that triggers
“use of uninitialized streams.”
Author | Note |
---|---|
mdeslaur | ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | ffmpeg | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | upstream | noarch | ffmpeg | < 0.5.9 | UNKNOWN |
ubuntu | upstream | noarch | ffmpeg-extra | < any | UNKNOWN |
ubuntu | 11.04 | noarch | libav | < 4:0.6.6-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libav | < 4:0.7.6-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | upstream | noarch | libav | < 0.6.6,0.7.5,0.8.1 | UNKNOWN |
ubuntu | upstream | noarch | libav-extra | < any | UNKNOWN |