Gentoo: GLSA-201310-12: FFmpeg: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details.
Resolution
All FFmpeg users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"
References
[ 1 ] CVE-2009-4631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4631
[ 2 ] CVE-2009-4632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4632
[ 3 ] CVE-2009-4633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4633
[ 4 ] CVE-2009-4634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4634
[ 5 ] CVE-2009-4635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4635
[ 6 ] CVE-2009-4636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4636
[ 7 ] CVE-2009-4637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4637
[ 8 ] CVE-2009-4638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4638
[ 9 ] CVE-2009-4639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4639
[ 10 ] CVE-2009-4640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4640
[ 11 ] CVE-2010-3429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429
[ 12 ] CVE-2010-3908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908
[ 13 ] CVE-2010-4704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 14 ] CVE-2010-4704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 15 ] CVE-2010-4705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4705
[ 16 ] CVE-2011-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931
[ 17 ] CVE-2011-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3362
[ 18 ] CVE-2011-3893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893
[ 19 ] CVE-2011-3895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895
[ 20 ] CVE-2011-3929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929
[ 21 ] CVE-2011-3934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934
[ 22 ] CVE-2011-3935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935
[ 23 ] CVE-2011-3936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936
[ 24 ] CVE-2011-3937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937
[ 25 ] CVE-2011-3940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940
[ 26 ] CVE-2011-3941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3941
[ 27 ] CVE-2011-3944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3944
[ 28 ] CVE-2011-3945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945
[ 29 ] CVE-2011-3946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946
[ 30 ] CVE-2011-3947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947
[ 31 ] CVE-2011-3949
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3949
[ 32 ] CVE-2011-3950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3950
[ 33 ] CVE-2011-3951
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951
[ 34 ] CVE-2011-3952
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952
[ 35 ] CVE-2011-3973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973
[ 36 ] CVE-2011-3974
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974
[ 37 ] CVE-2011-4351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4351
[ 38 ] CVE-2011-4352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352
[ 39 ] CVE-2011-4353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353
[ 40 ] CVE-2011-4364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4364
[ 41 ] CVE-2012-0947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947
[ 42 ] CVE-2012-2771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2771
[ 43 ] CVE-2012-2772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772
[ 44 ] CVE-2012-2773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2773
[ 45 ] CVE-2012-2774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774
[ 46 ] CVE-2012-2775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775
[ 47 ] CVE-2012-2776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776
[ 48 ] CVE-2012-2777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777
[ 49 ] CVE-2012-2778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2778
[ 50 ] CVE-2012-2779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779
[ 51 ] CVE-2012-2780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2780
[ 52 ] CVE-2012-2781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2781
[ 53 ] CVE-2012-2782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782
[ 54 ] CVE-2012-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783
[ 55 ] CVE-2012-2784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784
[ 56 ] CVE-2012-2785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785
[ 57 ] CVE-2012-2786
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786
[ 58 ] CVE-2012-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787
[ 59 ] CVE-2012-2788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788
[ 60 ] CVE-2012-2789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789
[ 61 ] CVE-2012-2790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790
[ 62 ] CVE-2012-2791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791
[ 63 ] CVE-2012-2792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792
[ 64 ] CVE-2012-2793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793
[ 65 ] CVE-2012-2794
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794
[ 66 ] CVE-2012-2795
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795
[ 67 ] CVE-2012-2796
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796
[ 68 ] CVE-2012-2797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797
[ 69 ] CVE-2012-2798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798
[ 70 ] CVE-2012-2799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799
[ 71 ] CVE-2012-2800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800
[ 72 ] CVE-2012-2801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801
[ 73 ] CVE-2012-2802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802
[ 74 ] CVE-2012-2803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803
[ 75 ] CVE-2012-2804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804
[ 76 ] CVE-2012-2805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2805
[ 77 ] CVE-2013-3670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3670
[ 78 ] CVE-2013-3671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3671
[ 79 ] CVE-2013-3672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672
[ 80 ] CVE-2013-3673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3673
[ 81 ] CVE-2013-3674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674
[ 82 ] CVE-2013-3675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3675
[ 83 ] FFmpeg 0.10.x Changelog
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10
[ 84 ] FFmpeg 1.0.x Changelog
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0
[ 85 ] NGS Secure Research NGS00068
[ 86 ] Secunia Advisory SA36760
https://www.flexera.com/products/software-vulnerability-research/secunia-research
[ 87 ] Secunia Advisory SA46134
https://www.flexera.com/products/software-vulnerability-research/secunia-research
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201310-12
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code.
Background
FFmpeg is a complete solution to record, convert and stream audio and video.
Affected Packages
-------------------------------------------------------------------
     Package              /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  media-video/ffmpeg         < 1.0.7              >= 1.0.7
Impact
A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.
Workaround
There is no known workaround at this time.