Launchpad.net

CVE 2012-0853

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

Related bugs and status

CVE-2012-0853 (Candidate) is related to these bugs:

Bug #960949: FFe: New Upstream bug and security release 0.8.1

Summary				In	Importance	Status
	960949	FFe: New Upstream bug and security release 0.8.1		libav (Ubuntu)	Medium	Fix Released
	960949	FFe: New Upstream bug and security release 0.8.1		libav-extra (Ubuntu)	Medium	Fix Released

Bug #1012132: June libav/ffmpeg security update tracking bug

		In	Importance	Status
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Lucid)	Undecided	Invalid
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Natty)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Quantal)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Precise)	Medium	Fix Released
1012132	June libav/ffmpeg security update tracking bug	libav (Ubuntu Oneiric)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0853

Related bugs and status

Related bugs

References