
[TAF] wml://security/2011/dsa-2165.wml



<define-tag description>buffer overflow</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in FFmpeg coders, which are used
by MPlayer and other applications.</p>


<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-3429">CVE-2010-3429</a>

  <p>Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset 
  dereference vulnerability in libavcodec, in particular in the flic file 
  format parser. A specific flic file may exploit this vulnerability and execute
  arbitrary code. MPlayer is also affected by this problem, as well as other 
  software that uses this library.</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4704">CVE-2010-4704</a>

  <p>Greg Maxwell discovered an integer overflow in the Vorbis decoder in FFmpeg. A 
  specific ogg file may exploit this vulnerability and execute arbitrary code.</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2010-4705">CVE-2010-4705</a>

  <p>A potential integer overflow has been discovered in the Vorbis decoder in 
  FFmpeg.</p></li>

</ul>


<p>This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert 
noticed that there were remaining vulnerabilities, which may cause a denial of 
service and potentially execution of arbitrary code.</p>

<p>For the oldstable distribution (lenny), this problem has been fixed in
version 0.svn20080206-18+lenny3.</p>

<p>We recommend that you upgrade your ffmpeg-debian packages.</p>

</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2165.data"
# $Id: dsa-2165.wml,v 1.1 2011-02-18 20:16:19 spaillard Exp $

