Package: ffmpeg
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were published for ffmpeg. Patches are provided in the CVE notes.

CVE-2010-4704[0]:
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and
| earlier allows remote attackers to cause a denial of service
| (application crash) via a crafted .ogg file, related to the
| vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

CVE-2010-4705[1]:
| Integer overflow in the vorbis_residue_decode_internal function in
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6,
| has unspecified impact and remote attack vectors, related to the sizes
| of certain integer data types. NOTE: this might overlap CVE-2011-0480.

If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704
    http://security-tracker.debian.org/tracker/CVE-2010-4704
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4705
    http://security-tracker.debian.org/tracker/CVE-2010-4705

PoC available: http://roundup.ffmpeg.org/issue2322

l.