Package: ffmpeg
Version: 0.cvs20050918-5
Severity: grave
Tags: security
Justification: user security hole

An exploitable heap overflow has been found in libavcodec's handling of
images with PIX_FMT_PAL8 pixel formats. Please see
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.

Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages ffmpeg depends on:
ii  libc6            2.3.5-8.1         GNU C Library: Shared libraries an
ii  libdc1394-13     1.1.0-2           high level programming interface f
ii  libfreetype6     2.1.10-1          FreeType 2 font engine, shared lib
ii  libgsm1          1.0.10-13         Shared libraries for GSM speech co
ii  libimlib2        1.2.1-2           powerful image loading and renderi
ii  libogg0          1.1.2-1           Ogg Bitstream Library
ii  libraw1394-5     0.10.1-1.1        library for direct access to IEEE
ii  libsdl1.2debian  1.2.9-0.0         Simple DirectMedia Layer
ii  libtheora0       0.0.0.alpha4-1.1  The Theora Video Compression Codec
ii  libvorbis0a      1.1.0-1           The Vorbis General Audio Compressi
ii  libvorbisenc2    1.1.0-1           The Vorbis General Audio Compressi
ii  libx11-6         6.8.2.dfsg.1-11   X Window System protocol client li
ii  xlibs            6.8.2.dfsg.1-11   X Window System client libraries m
ii  zlib1g           1:1.2.3-8         compression library - runtime

ffmpeg recommends no packages.

-- no debconf information