The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to width/height changing with frame threads.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ffmpeg | Ffmpeg | 0.7.1 (including) | 0.7.1 (including) |
| Ffmpeg | Ffmpeg | 0.7.2 (including) | 0.7.2 (including) |
| Ffmpeg | Ffmpeg | 0.7.3 (including) | 0.7.3 (including) |
| Ffmpeg | Ffmpeg | 0.7.4 (including) | 0.7.4 (including) |
| Ffmpeg | Ffmpeg | 0.7.5 (including) | 0.7.5 (including) |
| Ffmpeg | Ffmpeg | 0.7.6 (including) | 0.7.6 (including) |
| Ffmpeg | Ffmpeg | 0.7.7 (including) | 0.7.7 (including) |
| Ffmpeg | Ffmpeg | 0.7.8 (including) | 0.7.8 (including) |
| Ffmpeg | Ffmpeg | 0.7.9 (including) | 0.7.9 (including) |
| Ffmpeg | Ffmpeg | 0.7.11 (including) | 0.7.11 (including) |
| Ffmpeg | Ubuntu | hardy | * |
| Libav | Ubuntu | upstream | * |
References
- http://ffmpeg.org/security.html
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
- http://libav.org/news.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
- http://ffmpeg.org/security.html
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
- http://libav.org/news.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:079