Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Debian: DSA-1781-1 Critical: ffmpeg Arbitrary Code Execution

debian
Calendar Grey April 29, 2009
Scroller Debian
- ------------------------------------------------------------------------ Debian Security Advisory
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder

Summary

Several vulnerabilities have been discovered in ffmpeg, a multimedia
player, server and encoder. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2009-0385

It was discovered that watching a malformed 4X movie file could lead to
the execution of arbitrary code.

CVE-2008-3162

It was discovered that using a crafted STR file can lead to the
execution of arbitrary code.


For the oldstable distribution (etch), these problems have been fixed
in version 0.cvs20060823-8+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 0.svn20080206-17+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 0.svn20080206-16.


We recommend that you upgrade your ffmpeg-debian packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.