Debian: DSA-2306-1 Moderate: FFmpeg Remote Access Threats
debian
September 11, 2011
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder
Summary
Several vulnerabilities have been discovered in ffmpeg, a multimedia player,
server and encoder.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2010-3908
FFmpeg before 0.5.4, allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute arbitrary code
via a malformed WMV file.
CVE-2010-4704
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote
attackers to cause a denial of service (application crash) via a crafted
.ogg file, related to the vorbis_floor0_decode function.
CVE-2011-0480
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg
allow remote attackers to cause a denial of service (memory corruption and
application crash) or possibly have unspecified other impact via a crafted
WebM file, related to buffers for the channel floor and the channel residue.
CVE-2011-0722
FFmpeg allows remote attackers to cause a denial of service (heap m...
PREVIOUS
NEXT
Package: ffmpeg
CVE ID: CVE-2010-3908 CVE-2010-4704 CVE-2011-0480 CVE-2011-0722
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!