CVE-2012-0947
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
Related bugs and status
CVE-2012-0947 (Candidate) is related to these bugs:
Bug #939863: Warning message from ffmpeg program needs update
Bug | Summary | In | Importance | Status
---|---|---|---|---
939863 | Warning message from ffmpeg program needs update | libav (Ubuntu) | Low | Fix Released
939863 | Warning message from ffmpeg program needs update | libav (Ubuntu Precise) | Low | Fix Released
939863 | Warning message from ffmpeg program needs update | libav | Undecided | Fix Released
Bug #980963: Heap-based Buffer Overflow in libavcodec
Bug | Summary | In | Importance | Status
---|---|---|---|---
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu) | Medium | Fix Released
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Quantal) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Quantal) | Medium | Fix Released
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Lucid) | Medium | Won't Fix
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Lucid) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Natty) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Natty) | Medium | Won't Fix
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Oneiric) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Oneiric) | Medium | Won't Fix
980963 | Heap-based Buffer Overflow in libavcodec | ffmpeg (Ubuntu Precise) | Undecided | Invalid
980963 | Heap-based Buffer Overflow in libavcodec | libav (Ubuntu Precise) | Medium | Fix Released
Bug #1011136: package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3
Bug | Summary | In | Importance | Status
---|---|---|---|---
1011136 | package ffmpeg 4:0.8.1-0ubuntu2 failed to upgrade: trying to overwrite 'ffmpeg' and 'ffmpeg.1.gz', which is also in package libav-tools 4:0.8.1-0ubuntu3 | libav (Ubuntu) | High | Fix Released
Bug #1012132: June libav/ffmpeg security update tracking bug
Bug | Summary | In | Importance | Status
---|---|---|---|---
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu) | Medium | Fix Released
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Lucid) | Undecided | Invalid
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Natty) | Medium | Fix Released
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Quantal) | Medium | Fix Released
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Precise) | Medium | Fix Released
1012132 | June libav/ffmpeg security update tracking bug | libav (Ubuntu Oneiric) | Medium | Fix Released
See the CVE page on Mitre.org for more details.