Full Disclosure mailing list archives
[PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
From: Pardus Security Team <pinar () pardus org tr>
Date: Fri, 05 Sep 2008 16:49:30 +0300
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-36            security () pardus org tr
------------------------------------------------------------------------
      Date: 2008-09-05
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

There are multiple vulnerabilities detected in ffmpeg. Please update your packages to the latest versions.

Description
===========

* Free in avcodec_close() avctx->rc_eq. Fix a memory leak.
* Buffer overflow in /libavcodec/dca.c. (patch by Alexander E. Patrakov)
* Prevent dts generation code to be executed when delay is > MAX_REORDER_DELAY, this fixes overflow in AVStream->pts_buffer. (in libavformat/utils.c())
* Tcp/udp memory leak

Affected packages:

  Pardus 2008:
    mplayer, all before 0.0_20080825-92-11
    ffmpeg, all before 0.4.9_20080825-46-14

Resolution
==========

There are update(s) for mplayer, ffmpeg. You can update them via Package Manager or with a single command from console:

  pisi up mplayer ffmpeg

References
==========

* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html

------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
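The pts_buffer item in the Description, as an added example (not code from the advisory or from FFmpeg): a reduced model of dts generation in which the stream-supplied reorder delay is checked against the buffer size before any slot is written. The struct, the function names, the NOPTS marker and the value chosen for MAX_REORDER_DELAY are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed value for this sketch; the advisory does not state the constant. */
#define MAX_REORDER_DELAY 4
#define NOPTS INT64_MIN              /* hypothetical "no timestamp" marker */

/* Hypothetical stand-in for AVStream, reduced to the reorder buffer. */
struct stream_model {
    int64_t pts_buffer[MAX_REORDER_DELAY + 1];
};

void stream_init(struct stream_model *st) {
    for (size_t i = 0; i <= MAX_REORDER_DELAY; i++)
        st->pts_buffer[i] = NOPTS;
}

/*
 * Derive a dts by keeping the last delay+1 presentation timestamps sorted.
 * delay is the reordering depth declared by the input, so it is untrusted.
 * Returns 1 and writes *dts when a dts was generated, 0 when skipped.
 */
int generate_dts(struct stream_model *st, int delay, int64_t pts,
                 int64_t duration, int64_t *dts) {
    /* The guard: for delay > MAX_REORDER_DELAY the loops below would
     * index past pts_buffer. Negative values are rejected as malformed. */
    if (pts == NOPTS || delay < 0 || delay > MAX_REORDER_DELAY)
        return 0;

    st->pts_buffer[0] = pts;
    /* Seed still-empty slots with timestamps before the first packet. */
    for (int i = 1; i < delay + 1 && st->pts_buffer[i] == NOPTS; i++)
        st->pts_buffer[i] = (int64_t)(i - delay - 1) * duration;
    /* One insertion pass moves the new pts to its sorted position. */
    for (int i = 0; i < delay && st->pts_buffer[i] > st->pts_buffer[i + 1]; i++) {
        int64_t tmp = st->pts_buffer[i];
        st->pts_buffer[i] = st->pts_buffer[i + 1];
        st->pts_buffer[i + 1] = tmp;
    }
    *dts = st->pts_buffer[0];        /* smallest buffered pts becomes the dts */
    return 1;
}
```
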