Bug#610550: [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec

Luciano Bello luciano at debian.org
Wed Jan 19 19:48:35 UTC 2011


Package: ffmpeg
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ffmpeg.

CVE-2011-0480[0]:
| Multiple buffer overflows in the Vorbis decoder in Google Chrome
| before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote
| attackers to cause a denial of service or possibly have unspecified
| other impact via unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

In upstream the report is [1]. The proposed patch is [2].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
    http://security-tracker.debian.org/tracker/CVE-2011-0480

[1] http://roundup.ffmpeg.org/issue2548

[2] http://git.ffmpeg.org/?p=ffmpeg.git;a=blobdiff;f=libavcodec/vorbis_dec.c;h=c2bde812efca51ef09ed893a8a03f9bc0df2aa26;hp=749e9a939681cec052a63f3540f5a690af989cfd;hb=13184036a6b1b1d4b61c91118c0896e9ad4634c3;hpb=03ec42aa1ce738761130335e6e6f5ef5d0d1eadf




