CVE-2012-0858

2012-02-1400:00:00

ubuntu.com

0.015 Low

EPSS

Percentile

87.1%

JSON

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12
and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before
0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers
to cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted Shorten file, related to an “invalid free”.

Notes

Author	Note
mdeslaur	as of 2012-05-22, no equivalent fix in ffmpeg 0.5.x

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
ubuntuupstreamnoarchffmpeg< anyUNKNOWN
ubuntuupstreamnoarchffmpeg-extra< anyUNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN
ubuntuupstreamnoarchlibav< 0.6.6,0.7.5,0.8.1UNKNOWN
ubuntuupstreamnoarchlibav-extra< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ffmpeg	< 4:0.5.9-0ubuntu0.10.04.1	UNKNOWN
ubuntu	upstream	noarch	ffmpeg	< any	UNKNOWN
ubuntu	upstream	noarch	ffmpeg-extra	< any	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.6-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	libav	< 4:0.7.6-0ubuntu0.11.10.1	UNKNOWN
ubuntu	upstream	noarch	libav	< 0.6.6,0.7.5,0.8.1	UNKNOWN
ubuntu	upstream	noarch	libav-extra	< any	UNKNOWN