CVE-2011-0723

Publication date 16 February 2011

Last updated 24 July 2024

Ubuntu priority

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	10.10 maverick	Fixed 4:0.6-2ubuntu6.1
	10.04 LTS lucid	Fixed 4:0.5.1-1ubuntu1.1
	9.10 karmic	Fixed 4:0.5+svn20090706-2ubuntu2.3
	8.04 LTS hardy	Fixed 3:0.cvs20070307-5ubuntu7.6
	6.06 LTS dapper	Ignored end of life
libav	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Notes

mdeslaur

as of 2010-02-16, fix may be incomplete, see upstream bug.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ffmpeg	Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f7494394ee8b375c9962e7528e7b7de6db76518e Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8069e2f6fbd79e3d3d2ba17f5f097475b43e2921 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c47ca25e74bbe465cdc8b99d4f6ab4f0ad5e4229 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2bbec1eda46d907605772a8b6e8263caa4bc4c82 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cf69619141a5742c4e4156177335d553c5bab7b6
libav	Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c47ca25e74bbe465cdc8b99d4f6ab4f0ad5e4229 Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2bbec1eda46d907605772a8b6e8263caa4bc4c82

Package

Patch details

ffmpeg

libav

References

Related Ubuntu Security Notices (USN)

USN-1104-1
FFmpeg vulnerabilities
4 April 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-0723