Launchpad.net

CVE 2011-0480

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

Related bugs and status

CVE-2011-0480 (Candidate) is related to these bugs:

Bug #690169: Memory corruption in wmv parsing

Summary				In	Importance	Status
	690169	Memory corruption in wmv parsing		vlc (Ubuntu)	Undecided	Invalid
	690169	Memory corruption in wmv parsing		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #738134: Needed security upgrade for ffmpeg in lucid

		In	Importance	Status
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Hardy)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Karmic)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Maverick)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	Medibuntu	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0480

Related bugs and status

Related bugs

References