CVE-2010-4704

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	10.10 maverick	Fixed 4:0.6-2ubuntu6.1
	10.04 LTS lucid	Fixed 4:0.5.1-1ubuntu1.1
	9.10 karmic	Fixed 4:0.5+svn20090706-2ubuntu2.3
	8.04 LTS hardy	Fixed 3:0.cvs20070307-5ubuntu7.6
	6.06 LTS dapper	Ignored end of life
libav	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ffmpeg	Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d6860fb653ed42a9d35e134f843f03cc049b74f1 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ac56bf7dc2c617c9fe6dce9167d499dbb8a9b76 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078
libav	Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3dde66752d59dfdd0f3727efd66e7202b3c75078

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references