Bug#654534: libav: multiple security issues
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Jan 4 00:35:33 UTC 2012
Package: libav
Version: 4:0.7.3-2
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libav.
CVE-2011-3892[0]:
| Double free vulnerability in the Theora decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.
CVE-2011-3893[1]:
| Google Chrome before 15.0.874.120 does not properly implement the MKV
| and Vorbis media handlers, which allows remote attackers to cause a
| denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3895[2]:
| Heap-based buffer overflow in the Vorbis decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
This issues also very likely affect ffmpeg in squeeze and before,
but I haven't checked that.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
http://security-tracker.debian.org/tracker/CVE-2011-3892
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
http://security-tracker.debian.org/tracker/CVE-2011-3893
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
http://security-tracker.debian.org/tracker/CVE-2011-3895
More information about the pkg-multimedia-maintainers
mailing list