CVE-2013-4265

Publication date 23 November 2013

Last updated 24 July 2024

Ubuntu priority

Description

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg-extra	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
ffmpeg	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
libav	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release
libav-extra	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release

Notes

mdeslaur

ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package

seth-arnold

I didn't locate the vulnerable code in our sources