CVE-2008-3230

Publication date 18 July 2008

Last updated 24 July 2024

Ubuntu priority

The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	7.04 feisty	Ignored
	6.06 LTS dapper	Ignored
ffmpeg-debian	8.10 intrepid	Ignored
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

Notes

mdeslaur

Reproducer is here: http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif?format=raw This is just a dos, and upstream fixed this by removing the gif demuxer which would cause a regression for a stable release, so I opt to not fix this...

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ffmpeg-debian	Vendor: http://patch-tracking.debian.net/patch/series/view/ffmpeg-debian/0.svn20080206-17/050_CVE-2008-3230.patch

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3230