Launchpad.net

CVE 2011-3936

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

Related bugs and status

CVE-2011-3936 (Candidate) is related to these bugs:

Bug #960949: FFe: New Upstream bug and security release 0.8.1

Summary				In	Importance	Status
	960949	FFe: New Upstream bug and security release 0.8.1		libav (Ubuntu)	Medium	Fix Released
	960949	FFe: New Upstream bug and security release 0.8.1		libav-extra (Ubuntu)	Medium	Fix Released

Bug #1012132: June libav/ffmpeg security update tracking bug

		In	Importance	Status
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Lucid)	Undecided	Invalid
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Natty)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Quantal)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Precise)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Oneiric)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://ffmpeg.org/
CONFIRM: http://git.libav.org/?...
CONFIRM: http://git.libav.org/?...
CONFIRM: http://libav.org/
DEBIAN: DSA-2471
UBUNTU: USN-1479-1
SECUNIA: 49089