Summary
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code.
These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.8-1.
For the unstable distribution (sid), this problem has been fixed in version 6:0.8.2-1 of libav.
We recommend that you upgrade your ffmpeg packages.
Insight
This package contains the ffplay multimedia player, the ffserver streaming server and the ffmpeg audio and video encoder. They support most existing file formats (AVI, MPEG, OGG, Matroska, ASF...) and encoding formats (MPEG, DivX, MPEG4, AC3, DV...).
Affected
ffmpeg on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3940, CVE-2011-3947, CVE-2012-0853, CVE-2012-0947 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities