Launchpad.net

CVE 2010-4704

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Related bugs and status

CVE-2010-4704 (Candidate) is related to these bugs:

Bug #690169: Memory corruption in wmv parsing

Summary				In	Importance	Status
	690169	Memory corruption in wmv parsing		vlc (Ubuntu)	Undecided	Invalid
	690169	Memory corruption in wmv parsing		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #738134: Needed security upgrade for ffmpeg in lucid

		In	Importance	Status
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Hardy)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Karmic)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Maverick)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	Medibuntu	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.ffmpeg.org/...
CONFIRM: https://roundup.ffmpeg...
DEBIAN: DSA-2165
SECUNIA: 43323
CONFIRM: http://ffmpeg.mplayerh...
MANDRIVA: MDVSA-2011:060
MANDRIVA: MDVSA-2011:061
MANDRIVA: MDVSA-2011:062
MANDRIVA: MDVSA-2011:088
MANDRIVA: MDVSA-2011:089
UBUNTU: USN-1104-1
BID: 46294
VUPEN: ADV-2011-1241
DEBIAN: DSA-2306
MANDRIVA: MDVSA-2011:112
MANDRIVA: MDVSA-2011:114