Solution
Please install the updated packages.
Insight
Multiple vulnerabilities have been identified and fixed in ffmpeg:
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)
Fix heap corruption crashes (CVE-2011-0722)
Fix invalid reads in VC-1 decoding (CVE-2011-0723)
Several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.
The updated packages have been patched to correct these issues.
Affected
ffmpeg on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64
Severity
Classification
CVE: CVE-2009-4636, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P