DSA 2165-1: ffmpeg-debian security update
Posted on: 02/16/2011 06:56 PM

An ffmpeg-debian security update has been released for Debian GNU/Linux.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2165-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
February 16, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg-debian
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-3429 CVE-2010-4704 CVE-2010-4705

Several vulnerabilities have been discovered in FFmpeg coders, which are used
by MPlayer and other applications.


Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset
dereference vulnerability in libavcodec, in particular in the flic file
format parser. A specific flic file may exploit this vulnerability and execute
arbitrary code. MPlayer is also affected by this problem, as well as other
software that uses this library.


Greg Maxwell discovered an integer overflow in the Vorbis decoder in FFmpeg. A
specific ogg file may exploit this vulnerability and execute arbitrary code.


A potential integer overflow has been discovered in the Vorbis decoder in

This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert
noticed that there were remaining vulnerabilities, which may cause a denial of
service and potentially execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.svn20080206-18+lenny3.

We recommend that you upgrade your ffmpeg-debian packages.

