Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Debian 5.0: DSA-2000-1 Critical: ffmpeg Denial Of Service

debian
Calendar Grey February 18, 2010
Scroller Debian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlay...

Summary

Several vulnerabilities have been discovered in ffmpeg, a multimedia
player, server and encoder, which also provides a range of multimedia
libraries used in applications like MPlayer:

Various programming errors in container and codec implementations
may lead to denial of service or the execution of arbitrary code
if the user is tricked into opening a malformed media file or stream.

Affected and updated have been the implementations of the following
codecs and container formats:

- - the Vorbis audio codec
- - the Ogg container implementation
- - the FF Video 1 codec
- - the MPEG audio codec
- - the H264 video codec
- - the MOV container implementation
- - the Oggedc container implementation

For the stable distribution (lenny), these problems have been fixed in
version 0.svn20080206-18+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 4:0.5+svn20090706-5.

We recommend that you upgrade your ffmpeg packages.

Upgrade instructions
- --------------------

wget url
wil...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: ffmpeg-debian

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.