Launchpad CVE tracker

CVE 2011-3937

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."

Related bugs and status

CVE-2011-3937 (Candidate) is related to these bugs:

Bug #960949: FFe: New Upstream bug and security release 0.8.1

Summary				In	Importance	Status
	960949	FFe: New Upstream bug and security release 0.8.1		libav (Ubuntu)	Medium	Fix Released
	960949	FFe: New Upstream bug and security release 0.8.1		libav-extra (Ubuntu)	Medium	Fix Released

Bug #980963: Heap-based Buffer Overflow in libavcodec

		In	Importance	Status
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu)	Medium	Fix Released
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu Quantal)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu Quantal)	Medium	Fix Released
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu Lucid)	Medium	Won't Fix
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu Lucid)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu Natty)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu Natty)	Medium	Won't Fix
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu Oneiric)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu Oneiric)	Medium	Won't Fix
980963	Heap-based Buffer Overflow in libavcodec	ffmpeg (Ubuntu Precise)	Undecided	Invalid
980963	Heap-based Buffer Overflow in libavcodec	libav (Ubuntu Precise)	Medium	Fix Released

Bug #1011136: package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3

Summary				In	Importance	Status
	1011136	package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3		libav (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3937

References