Heap-based buffer overflow in the vqa_decode_chunk function in the VQA
codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before
0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted VQA media file in which the image size is not a multiple of
the block size.
Author | Note |
---|---|
jdstrand | Independently discovered in ffmpeg by Mateusz Jurczyk and Gynvael Coldwind |
mdeslaur | as of 2012-05-22, no fix in libav 0.6.x |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | ffmpeg | < 4:0.5.9-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | upstream | noarch | ffmpeg | < 0.5.9 | UNKNOWN |
ubuntu | upstream | noarch | ffmpeg-extra | < any | UNKNOWN |
ubuntu | 11.04 | noarch | libav | < 4:0.6.6-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libav | < 4:0.7.6-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | libav | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | upstream | noarch | libav | < 0.6.6,0.7.6,0.8.2 | UNKNOWN |
ubuntu | 11.04 | noarch | libav-extra | < 4:0.6.6-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libav-extra | < 4:0.7.6-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | libav-extra | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |