Tags: security patch
The following CVE (Common Vulnerabilities & Exposures) ids were
published for ffmpeg. Patches are provided in the CVE notes.
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and
| earlier allows remote attackers to cause a denial of service
| (application crash) via a crafted .ogg file, related to the
| vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

| Integer overflow in the vorbis_residue_decode_internal function in
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6,
| has unspecified impact and remote attack vectors, related to the sizes
| of certain integer data types. NOTE: this might overlap CVE-2011-0480.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
PoC available: http://roundup.ffmpeg.org/issue2322