CVE 2012-5144
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
Related bugs and status
CVE-2012-5144 (Candidate) is related to these bugs:
Bug #1069930: chromium-browser package lacks chromedriver binary
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1069930 | chromium-browser package lacks chromedriver binary | chromium-browser (Ubuntu) | Wishlist | Fix Released | ||
Bug #1084852: Chromium still tries to enable NEON on arm* builds when told not to
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1084852 | Chromium still tries to enable NEON on arm* builds when told not to | chromium-browser (Ubuntu) | High | Fix Released | ||
| 1084852 | Chromium still tries to enable NEON on arm* builds when told not to | Chromium Browser | Unknown | Unknown | ||
| 1084852 | Chromium still tries to enable NEON on arm* builds when told not to | chromium-browser (Ubuntu Oneiric) | Medium | Won't Fix | ||
| 1084852 | Chromium still tries to enable NEON on arm* builds when told not to | chromium-browser (Ubuntu Precise) | Medium | Fix Released | ||
| 1084852 | Chromium still tries to enable NEON on arm* builds when told not to | chromium-browser (Ubuntu Quantal) | Medium | Fix Released | ||
Bug #1099075: new upstream release: 24.0.1312.56
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu) | High | Fix Released | ||
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu Lucid) | High | Fix Released | ||
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu Oneiric) | High | Fix Released | ||
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu Precise) | High | Fix Released | ||
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu Quantal) | High | Fix Released | ||
| 1099075 | new upstream release: 24.0.1312.56 | chromium-browser (Ubuntu Raring) | High | Fix Released | ||
Bug #1101829: Missing alternative libavutil-exta-51 dependency
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1101829 | Missing alternative libavutil-exta-51 dependency | libav (Ubuntu) | Undecided | Fix Released | ||
Bug #1104019: January 2013 libav security tracking bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1104019 | January 2013 libav security tracking bug | libav (Ubuntu) | Undecided | Fix Released | ||
| 1104019 | January 2013 libav security tracking bug | libav (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 1104019 | January 2013 libav security tracking bug | libav (Ubuntu Precise) | Undecided | Fix Released | ||
| 1104019 | January 2013 libav security tracking bug | libav (Ubuntu Raring) | Undecided | Fix Released | ||
| 1104019 | January 2013 libav security tracking bug | libav (Ubuntu Quantal) | Undecided | Fix Released | ||
Bug #1143929: Devel dependencies are too strict for libav-extra packages
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1143929 | Devel dependencies are too strict for libav-extra packages | libav (Ubuntu) | Undecided | Fix Released | ||
Bug #1160734: Merge Libav 0.8.6-1 from unstable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1160734 | Merge Libav 0.8.6-1 from unstable | libav (Ubuntu) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
