CVE 2012-0947
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
Related bugs and status
CVE-2012-0947 (Candidate) is related to these bugs:
Bug #939863: Warning message from ffmpeg program needs update
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 939863 | Warning message from ffmpeg program needs update | libav (Ubuntu) | Low | Fix Released | ||
| 939863 | Warning message from ffmpeg program needs update | libav (Ubuntu Precise) | Low | Fix Released | ||
| 939863 | Warning message from ffmpeg program needs update | libav | Undecided | Fix Released | ||
Bug #980963: Heap-based Buffer Overflow in libavcodec
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu) | Medium | Fix Released | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Quantal) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Quantal) | Medium | Fix Released | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Lucid) | Medium | Won't Fix | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Lucid) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Natty) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Natty) | Medium | Won't Fix | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Oneiric) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Oneiric) | Medium | Won't Fix | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Precise) | Undecided | Invalid | ||
| 980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Precise) | Medium | Fix Released | ||
Bug #1011136: package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1011136 | package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3 | libav (Ubuntu) | High | Fix Released | ||
Bug #1012132: June libav/ffmpeg security update tracking bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu) | Medium | Fix Released | ||
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Lucid) | Undecided | Invalid | ||
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Natty) | Medium | Fix Released | ||
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Quantal) | Medium | Fix Released | ||
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Precise) | Medium | Fix Released | ||
| 1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Oneiric) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
