Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:062)
Critical Nessus Plugin ID 53274
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been identified and fixed in ffmpeg :
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)
Fix heap corruption crashes (CVE-2011-0722)
Fix invalid reads in VC-1 decoding (CVE-2011-0723)
And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.