OSVDB ID: 85300

Title: FFmpeg libavcodec/indeo5.c decode_frame Function Invalid gop Header Handling Unspecified Issue

Info

Disclosure

Mar 24, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 24, 2012

Description

FFmpeg contains an unspecified flaw related to the decode_frame function in libavcodec/indeo5.c that is triggered during the handling of an invalid gop header. No further details have been provided.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Impact Unknown
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

FFmpeg Project

FFmpeg

0.10.3

References

CVE ID: 2012-2779 (see also: NVD)
Secunia Advisory ID: 51257 51643
Bugtraq ID: 55355
Related OSVDB ID: 85267 85268 85269 85270 85271 85272 85273 85274 85275 85277 85278 85279 85280 85281 85282 85283 85284 85286 85287 85288 85289 85290 85291 85292 85293 85294 85295
Vendor Specific News/Changelog Entry: http://ffmpeg.org/security.html
http://www.ubuntu.com/usn/usn-1630-1/
http://www.ubuntu.com/usn/usn-1674-1/
Vendor Specific Solution URL: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=229e4c133287955d5f3f837520a3602709b21950

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85300