Launchpad.net

CVE 2013-0894

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

Related bugs and status

CVE-2013-0894 (Candidate) is related to these bugs:

Bug #1101829: Missing alternative libavutil-exta-51 dependency

Summary				In	Importance	Status
	1101829	Missing alternative libavutil-exta-51 dependency		libav (Ubuntu)	Undecided	Fix Released

Bug #1132568: Please update to 25.0.1364.160

		In	Importance	Status
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu)	High	Fix Released
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu Lucid)	High	Fix Released
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu Oneiric)	High	Fix Released
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu Quantal)	High	Fix Released
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu Precise)	High	Fix Released
1132568	Please update to 25.0.1364.160	chromium-browser (Ubuntu Raring)	High	Fix Released

Bug #1143929: Devel dependencies are too strict for libav-extra packages

Summary				In	Importance	Status
	1143929	Devel dependencies are too strict for libav-extra packages		libav (Ubuntu)	Undecided	Fix Released

Bug #1160734: Merge Libav 0.8.6-1 from unstable

Summary				In	Importance	Status
	1160734	Merge Libav 0.8.6-1 from unstable		libav (Ubuntu)	High	Fix Released

Bug #1163354: March 2013 libav security tracking bug

		In	Importance	Status
1163354	March 2013 libav security tracking bug	libav (Ubuntu)	Undecided	Fix Released
1163354	March 2013 libav security tracking bug	libav (Ubuntu Lucid)	Medium	Invalid
1163354	March 2013 libav security tracking bug	libav (Ubuntu Oneiric)	Medium	Invalid
1163354	March 2013 libav security tracking bug	libav (Ubuntu Precise)	Medium	Fix Released
1163354	March 2013 libav security tracking bug	libav (Ubuntu Raring)	Undecided	Fix Released
1163354	March 2013 libav security tracking bug	libav (Ubuntu Quantal)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0894

Related bugs and status

Related bugs

References