[ MDVSA-2009:297 ] ffmpeg

Kirjoittaja **dude67** » 14 Marras 2009, 11:00

_______________________________________________________________________

Package : ffmpeg
Date : November 13, 2009
Affected: 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Vulnerabilities have been discovered and corrected in ffmpeg:

- The ffmpeg lavf demuxer allows user-assisted attackers to cause
a denial of service (application crash) via a crafted GIF file
(CVE-2008-3230)

- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
to cause a denial of service (memory consumption) via unknown vectors,
aka a Tcp/udp memory leak. (CVE-2008-4869)

- Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote
attackers to execute arbitrary code via a malformed 4X movie file with
a large current_track value, which triggers a NULL pointer dereference
(CVE-2009-0385)

The updated packages fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3230
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4869
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0385
_______________________________________________________________________

[ MDVSA-2009:297 ] ffmpeg

[ MDVSA-2009:297 ] ffmpeg

Paikallaolijat