Bug#694483: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Reinhard Tartler siretart at gmail.com
Thu Jan 3 17:26:59 UTC 2013

tags 694483 moreinfo

Hi Arne,

Thanks for caring about security in libav. Sorry for the delay. I
tried hard to gather additional information about these issues, but
was not successful.

On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <aw at linux.de> wrote:

> I have here another series of CVEs for ffmpeg/libav:
> CVE-2012-2882

Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
please provide a testfile so that we can test if this issue affects
Libav at all?

> CVE-2012-5359
> CVE-2012-5360
> CVE-2012-5361
> For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> claims that they are fixed in ffmpeg 0.11, but the available information on
> all of them is a bit thin.

Sorry, without proper information what's going on here, there is
nothing that we can do about this. Again, please provide a sample that
demonstrates the issue.


More information about the pkg-multimedia-maintainers mailing list