CVE-2011-1931

2011-07-0700:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.02

Percentile

88.9%

JSON

sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before
0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9
and earlier and other products, performs a write operation outside the
bounds of an unspecified array, which allows remote attackers to cause a
denial of service (memory corruption) or possibly execute arbitrary code
via a malformed AMV file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339>

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version debian states 0.5.x is not affected

OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchffmpeg< 4:0.6-2ubuntu6.2UNKNOWN
ubuntu10.10noarchffmpeg-extra< 4:0.6-2ubuntu3.3UNKNOWN
ubuntu11.04noarchlibav< 4:0.6.2-1ubuntu1.1UNKNOWN
ubuntu11.04noarchlibav-extra< 4:0.6.4-1ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.10	noarch	ffmpeg	< 4:0.6-2ubuntu6.2	UNKNOWN
ubuntu	10.10	noarch	ffmpeg-extra	< 4:0.6-2ubuntu3.3	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.2-1ubuntu1.1	UNKNOWN
ubuntu	11.04	noarch	libav-extra	< 4:0.6.4-1ubuntu1	UNKNOWN