[TAF] wml://security/2011/dsa-2165.wml
<define-tag description>buffer overflow</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in FFmpeg coders, which are used by
by MPlayer and other applications.</p>
<ul>
<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-3429">CVE-2010-3429</a>
<p>Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset
dereference vulnerability in the libavcodec, in particular in the flic file
format parser. A specific flic file may exploit this vulnerability and execute
arbitrary code. Mplayer is also affected by this problem, as well as other
software that use this library.</p></li>
<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4704">CVE-2010-4704</a>
<p>Greg Maxwell discovered an integer overflow the Vorbis decoder in FFmpeg. A
specific ogg file may exploit this vulnerability and execute arbitrary code.</p></li>
<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4705">CVE-2010-4705</a>
<p>A potential integer overflow has been discovered in the Vorbis decoder in
FFmpeg.</p></li>
</ul>
<p>This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert
noticed that there was remaining vulnerabilities, which may cause a denial of
service and potentially execution of arbitrary code.</p>
<p>For the oldstable distribution (lenny), this problem has been fixed in
version 0.svn20080206-18+lenny3.</p>
<p>We recommend that you upgrade your ffmpeg-debian packages.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2165.data"
# $Id: dsa-2165.wml,v 1.1 2011-02-18 20:16:19 spaillard Exp $
Reply to: