Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)

Michael Gilbert michael.s.gilbert at gmail.com
Tue Jul 29 22:23:49 UTC 2008

>> Package: libavformat52
>> Version: 0.svn20080206-11
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>> ubuntu just updated their libavformat packages to patch a problem with
>> STR file demuxing [1].  does this problem apply to debian as well?  the
>> CVE number is CVE-2008-3162 [2].
>> [1] http://www.ubuntu.com/usn/usn-630-1
>> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162

> Thanks for your report but this bug is a clear dupe of #489965.

ok, i appologize, i did a quick scan of bugs in libavformat, and
somehow missed this.

there has not been a DSA to fix this problem in stable.  is the
libavformat0d package vulnerable there?  and if so, why isn't the
issue being tracked [1]?

[1] http://security-tracker.debian.net/tracker/status/release/stable

More information about the pkg-multimedia-maintainers mailing list