Lucene search
Ubuntu.comUB:CVE-2012-0947HistoryMay 03, 2012 - 12:00 a.m.
CVE-2012-0947
2012-05-0300:00:00
ubuntu.com
ubuntu.com
6
0.044 Low
EPSS
Percentile
92.5%
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA
codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before
0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted VQA media file in which the image size is not a multiple of
the block size.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | Independently discovered in ffmpeg by Mateusz Jurczyk and Gynvael Coldwind |
| mdeslaur | as of 2012-05-22, no fix in libav 0.6.x |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | ffmpeg | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | upstream | noarch | ffmpeg | < 0.5.9 | UNKNOWN |
| ubuntu | upstream | noarch | ffmpeg-extra | < any | UNKNOWN |
| ubuntu | 11.04 | noarch | libav | < 4:0.6.6-0ubuntu0.11.04.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | libav | < 4:0.7.6-0ubuntu0.11.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | libav | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
| ubuntu | upstream | noarch | libav | < 0.6.6,0.7.6,0.8.2 | UNKNOWN |
| ubuntu | 11.04 | noarch | libav-extra | < 4:0.6.6-0ubuntu0.11.04.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | libav-extra | < 4:0.7.6-0ubuntu0.11.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | libav-extra | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
References
Related
cve
cve
CVE-2012-0947
2012-08-20 18:55:02
nvd
nvd
CVE-2012-0947
2012-08-20 18:55:02
debiancve
debiancve
CVE-2012-0947
2012-08-20 18:55:02
prion
prion
Heap overflow
2012-08-20 18:55:00
cvelist
cvelist
CVE-2012-0947
2012-08-20 18:00:00
debian
debian
[SECURITY] [DSA-2471-1] ffmpeg security update
2012-05-13 20:37:22
nessus
nessus
Debian DSA-2471-1 : ffmpeg - several vulnerabilities
2012-05-15 00:00:00
Ubuntu 10.04 LTS : ffmpeg vulnerabilities (USN-1479-1)
2012-06-19 00:00:00
GLSA-201210-06 : Libav: Multiple vulnerabilities
2012-10-22 00:00:00
osv
osv
ffmpeg - several
2012-05-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities)
2013-09-18 00:00:00
Debian: Security Advisory (DSA-2471-1)
2013-09-18 00:00:00
Ubuntu: Security Advisory (USN-1479-1)
2012-06-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2471-1] ffmpeg security update
2012-05-21 00:00:00
ffmpeg library multiple security vulnerabilities
2012-06-17 00:00:00
ubuntu
ubuntu
FFmpeg vulnerabilities
2012-06-18 00:00:00
Libav vulnerabilities
2012-06-18 00:00:00
gentoo
gentoo
Libav: Multiple vulnerabilities
2012-10-20 00:00:00
FFmpeg: Multiple vulnerabilities
2013-10-25 00:00:00
freebsd
freebsd
gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
2013-08-20 00:00:00