CVE-2011-1931
Publication date 7 July 2011
Last updated 24 July 2024
Ubuntu priority
Description
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
Status
| Package | Ubuntu Release | Status | 
|---|---|---|
| ffmpeg | ||
| ffmpeg-extra | ||
| libav | ||
| libav-extra | ||
Notes
mdeslaur
ffmpeg-extra in multiverse needs to have matching version debian states 0.5.x is not affected
Patch details
| Package | Patch details | 
|---|---|
| ffmpeg | 
References
Related Ubuntu Security Notices (USN)
- USN-1209-1
- FFmpeg vulnerabilities
- 19 September 2011
- USN-1209-2
- Libav vulnerabilities
- 19 September 2011