OSVDB ID: 85295

Title: FFmpeg libavcodec/dfa.c decode_dds1() Function Unspecified Out-of-Array Write Issue

Info

Disclosure

Apr 13, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 13, 2012

Description

FFmpeg contains an unspecified out-of-array write issue in the decode_dds1() function related to libavcodec/dfa.c. No further details have been provided.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Impact Unknown
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

FFmpeg Project

FFmpeg

0.10.3

References

CVE ID: 2012-2798 (see also: NVD)
Secunia Advisory ID: 51257 51643 51993
Bugtraq ID: 55355
Related OSVDB ID: 85267 85268 85269 85270 85271 85272 85273 85274 85275 85277 85278 85279 85280 85281 85282 85283 85284 85286 85287 85288 85289 85290 85291 85292 85293 85294 85300
Vendor Specific News/Changelog Entry: http://ffmpeg.org/security.html
http://www.ubuntu.com/usn/usn-1630-1/
http://www.ubuntu.com/usn/usn-1674-1/
http://www.ubuntu.com/usn/usn-1705-1
Vendor Specific Solution URL: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=72b9537d8886f679494651df517dfed9b420cf1f

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85295