CVE-2014-7937

Publication date 22 January 2015

Last updated 24 July 2024

Ubuntu priority

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	15.10 wily	Fixed 40.0.2214.94-0ubuntu1.1120
	15.04 vivid	Fixed 40.0.2214.94-0ubuntu1.1120
	14.10 utopic	Fixed 40.0.2214.94-0ubuntu0.14.10.1.1110
	14.04 LTS trusty	Fixed 40.0.2214.94-0ubuntu0.14.04.1.1068
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored end of life
libav	15.10 wily	Not in release
	15.04 vivid	Ignored end of life
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release
oxide-qt	15.10 wily	Fixed 1.4.2-0ubuntu1
	15.04 vivid	Fixed 1.4.2-0ubuntu1
	14.10 utopic	Fixed 1.4.2-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 1.4.2-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Notes

mdeslaur

as of 2015-05-08, no equivalent fix in libav

References

Related Ubuntu Security Notices (USN)

USN-2476-1
Oxide vulnerabilities
26 January 2015

CVE-2014-7937

Status

Notes

References

Related Ubuntu Security Notices (USN)

Other references