CVE-2011-2162
Publication date 20 May 2011
Last updated 24 July 2024
Ubuntu priority
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ffmpeg | ||
| ffmpeg-extra | ||
| libav | ||
| libav-extra | ||
Notes
mdeslaur
ffmpeg-extra in multiverse needs to have matching version this CVE likely originates from the Mandriva update announcement here: http://lwn.net/Alerts/436853/ they have three patches from google: ffmpeg-mov_dref_looping.patch: http://git.videolan.org/?p=ffmpeg.git;a=commit;f=libavformat/mov.c;h=0e7d436d924a42ef6e8ab628a1f10d72801d1395 not security - see thread here: http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2010-March/094630.html ffmpeg-mp3_outlen.patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/31_mp3_outlen.patch?revision=25031&view=markup&pathrev=28635 http://git.libav.org/?p=libav.git;a=commit;f=libavcodec/mpegaudiodec.c;h=45a014d75efd043aa432b87869f898e552cbbb75 all releases have this commit already ffmpeg-vorbis_zero_samplerate.patch: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/41_vorbis_zero_samplerate.patch?revision=25230&view=markup&pathrev=28635 SIGFPE = not security http://git.libav.org/?p=libav.git;a=commit;f=libavformat/oggparsevorbis.c;h=ce20edb7bd6c1768ef5f4d181d7ba27a0e7945bd Marking as ignored