Gentoo Forums
[ GLSA 201310-12 ] FFmpeg: Multiple vulnerabilities
GLSA
Veteran
Joined: 12 May 2004
Posts: 1581

Posted: Fri Oct 25, 2013 7:26 pm    Post subject: [ GLSA 201310-12 ] FFmpeg: Multiple vulnerabilities

Gentoo Linux Security Advisory

Title: FFmpeg: Multiple vulnerabilities (GLSA 201310-12)
Severity: high
Exploitable: remote
Date: October 25, 2013
Bug(s): #285719, #307755, #339036, #352481, #365273, #378801, #382301, #384095, #385511, #389807, #391421, #397893, #401069, #411369, #420305, #433772, #439054, #454420, #465496, #473302, #473790, #476218, #482136
ID: 201310-12

Synopsis

Multiple vulnerabilities were found in FFmpeg, the worst of which
might enable remote attackers to cause user-assisted execution of arbitrary
code.


Background

FFmpeg is a complete solution to record, convert and stream audio and
video.


Affected Packages

Package: media-video/ffmpeg
Vulnerable: < 1.0.7
Unaffected: >= 1.0.7
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers and FFmpeg changelogs referenced below for details.


Impact

A remote attacker could entice a user to open a specially crafted media
file, possibly leading to the execution of arbitrary code with the
privileges of the user running the application or a Denial of Service.


Workaround

There is no known workaround at this time.

Resolution

All FFmpeg users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"


References

CVE-2009-4631
CVE-2009-4632
CVE-2009-4633
CVE-2009-4634
CVE-2009-4635
CVE-2009-4636
CVE-2009-4637
CVE-2009-4638
CVE-2009-4639
CVE-2009-4640
CVE-2010-3429
CVE-2010-3908
CVE-2010-4704
CVE-2010-4705
CVE-2011-1931
CVE-2011-3362
CVE-2011-3893
CVE-2011-3895
CVE-2011-3929
CVE-2011-3934
CVE-2011-3935
CVE-2011-3936
CVE-2011-3937
CVE-2011-3940
CVE-2011-3941
CVE-2011-3944
CVE-2011-3945
CVE-2011-3946
CVE-2011-3947
CVE-2011-3949
CVE-2011-3950
CVE-2011-3951
CVE-2011-3952
CVE-2011-3973
CVE-2011-3974
CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2012-0947
CVE-2012-2771
CVE-2012-2772
CVE-2012-2773
CVE-2012-2774
CVE-2012-2775
CVE-2012-2776
CVE-2012-2777
CVE-2012-2778
CVE-2012-2779
CVE-2012-2780
CVE-2012-2781
CVE-2012-2782
CVE-2012-2783
CVE-2012-2784
CVE-2012-2785
CVE-2012-2786
CVE-2012-2787
CVE-2012-2788
CVE-2012-2789
CVE-2012-2790
CVE-2012-2791
CVE-2012-2792
CVE-2012-2793
CVE-2012-2794
CVE-2012-2795
CVE-2012-2796
CVE-2012-2797
CVE-2012-2798
CVE-2012-2799
CVE-2012-2800
CVE-2012-2801
CVE-2012-2802
CVE-2012-2803
CVE-2012-2804
CVE-2012-2805
CVE-2013-3670
CVE-2013-3671
CVE-2013-3672
CVE-2013-3673
CVE-2013-3674
CVE-2013-3675

FFmpeg 0.10.x Changelog


FFmpeg 1.0.x Changelog


NGS Secure Research NGS00068

Secunia Advisory SA36760
Secunia Advisory SA46134
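
The "Affected Packages" range above (< 1.0.7 vulnerable, >= 1.0.7 unaffected) can be checked against a host's installed package list. The following is an added example, not part of the advisory or of Gentoo's tooling; the function names are hypothetical, and it assumes input lines in the category/package-version form that qlist -Iv prints and a sort that supports -V.

```shell
#!/bin/sh
# Added example (not from the advisory): list installed media-video/ffmpeg
# versions that fall below the fixed version named in GLSA 201310-12.
# Assumptions: input is one "category/package-version" per line, and sort
# supports -V (GNU coreutils). Portage suffixes such as _rc or _p are not
# modelled here; Portage's own atom matching remains authoritative.

FIXED="1.0.7"

# version_lt A B: succeeds only when A sorts strictly before B.
# A plain string compare would wrongly rank 1.0.10 below 1.0.7.
version_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# vulnerable_ffmpeg: reads package-version lines on stdin and prints the
# media-video/ffmpeg entries older than $FIXED. Other packages are ignored.
vulnerable_ffmpeg() {
    while IFS= read -r atom; do
        case "$atom" in
            media-video/ffmpeg-[0-9]*) ;;
            *) continue ;;
        esac
        ver=${atom#media-video/ffmpeg-}
        ver=${ver%-r[0-9]*}    # drop the ebuild revision, e.g. -r1
        if version_lt "$ver" "$FIXED"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Typical use on a Gentoo host (requires app-portage/portage-utils):
#   qlist -Iv media-video/ffmpeg | vulnerable_ffmpeg
```

Any line printed means the host still needs the upgrade from the Resolution section.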