MDVSA-2009:297 -- Mandriva ffmpegID: oval:org.secpod.oval:def:300764 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
Vulnerabilities have been discovered and corrected in ffmpeg: - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service via a crafted GIF file - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service via unknown vectors, aka a Tcp/udp memory leak. - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference The updated packages fix this issue.
Platform: |
Mandriva Linux 2009.0 |