Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[PLSA 2008-77] ffmpeg: Multiple DoS Vulnerabilities

From: Pinar Yanardag <pinar () pardus org tr>
Date: Tue, 02 Dec 2008 09:08:46 +0200
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-77            security () pardus org tr
------------------------------------------------------------------------
      Date: 2008-12-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities have been fixed in ffmpeg which can cause to a  DoS 
(Denial of Service) 


Description
===========

1. An endless loop vulnerability when opening corrupt FLV files  (issue 
699). -- fixed in r15738 

2. A divided by zero vulnerability  in  sub_packet_size.  --  fixed  in 
r15739 


Affected packages:

  Pardus 2008:
    ffmpeg, all before 0.4.9_20080909-48-16


Resolution
==========

There are update(s) for ffmpeg. You can update them via Package Manager 
or with a single command from console: 

    pisi up ffmpeg

References
==========

  * http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

-- 
Pardus Security Team
http://security.pardus.org.tr


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: