Launchpad.net

CVE 2011-0723

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

Related bugs and status

CVE-2011-0723 (Candidate) is related to these bugs:

Bug #690169: Memory corruption in wmv parsing

Summary				In	Importance	Status
	690169	Memory corruption in wmv parsing		vlc (Ubuntu)	Undecided	Invalid
	690169	Memory corruption in wmv parsing		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #738134: Needed security upgrade for ffmpeg in lucid

		In	Importance	Status
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Hardy)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Karmic)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Maverick)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	Medibuntu	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://ffmpeg.mplayerh...
MANDRIVA: MDVSA-2011:061
MANDRIVA: MDVSA-2011:062
MANDRIVA: MDVSA-2011:089
UBUNTU: USN-1104-1
BID: 47151
VUPEN: ADV-2011-1241
DEBIAN: DSA-2306
MANDRIVA: MDVSA-2011:112
MANDRIVA: MDVSA-2011:114