Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:297-1)
Critical Nessus Plugin ID 42809
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionVulnerabilities have been discovered and corrected in ffmpeg :
- The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2008-3230)
- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. (CVE-2008-4869)
- Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference (CVE-2009-0385)
The updated packages fix this issue.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
SolutionUpdate the affected packages.