DSA-2000-1 ffmpeg-debian -- severalID: oval:org.secpod.oval:def:600090 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer: Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream. Affected and updated have been the implementations of the following codecs and container formats: - - the Vorbis audio codec - - the Ogg container implementation - - the FF Video 1 codec - - the MPEG audio codec - - the H264 video codec - - the MOV container implementation - - the Oggedc container implementation For the stable distribution , these problems have been fixed in version 0.svn20080206-18+lenny1. For the unstable distribution , these problems have been fixed in version 4:0.5+svn20090706-5. We recommend that you upgrade your ffmpeg packages.