OVAL

MDVSA-2012:075 -- Mandriva ffmpeg

ID: oval:org.secpod.oval:def:302843
Date: (C)2012-12-20   (M)2023-11-09
Class: PATCH
Family: unix




Multiple vulnerabilities have been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.
Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service via an invalid bitstream in a Chinese AVS video file, a different vulnerability than CVE-2011-3362.
Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service via unspecified vectors.
Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
An error within the QDM2 decoder can be exploited to cause a buffer overflow.
An integer overflow error within the "vp3_dequant" function can be exploited to cause a buffer overflow.
Errors within the "av_image_fill_pointers", the "vp5_parse_coeff", and the "vp6_parse_coeff" functions can be exploited to trigger out-of-bounds reads.
It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

The updated packages have been upgraded to the 0.6.5 version where these issues have been corrected.

Platform:
Mandriva Linux 2010.1
Product:
ffmpeg
Reference:
MDVSA-2012:075
CVE-2011-4579
CVE-2011-4364
CVE-2011-4353
CVE-2011-4352
CVE-2011-4351
CVE-2011-3895
CVE-2011-3893
CVE-2011-3892
CVE-2011-3974
CVE-2011-3973
CVE-2011-3504
CVE-2011-3362
CPE    1
cpe:/o:mandriva:linux:2010.1

© SecPod Technologies