FFmpeg: Multiple vulnerabilities
Multiple vulnerabilities were found in FFmpeg, the worst of which
might enable remote attackers to cause user-assisted execution of arbitrary
code.
FFmpeg
October 25, 2013
October 25, 2013: 1
285719
307755
339036
352481
365273
378801
382301
384095
385511
389807
391421
397893
401069
411369
420305
433772
439054
454420
465496
473302
473790
476218
482136
remote
1.0.7
1.0.7
FFmpeg is a complete solution to record, convert and stream audio and
video.
Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers and FFmpeg changelogs referenced below for details.
A remote attacker could entice a user to open a specially crafted media
file, possibly leading to the execution of arbitrary code with the
privileges of the user running the application or a Denial of Service.
There is no known workaround at this time.
All FFmpeg users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"
CVE-2009-4631
CVE-2009-4632
CVE-2009-4633
CVE-2009-4634
CVE-2009-4635
CVE-2009-4636
CVE-2009-4637
CVE-2009-4638
CVE-2009-4639
CVE-2009-4640
CVE-2010-3429
CVE-2010-3908
CVE-2010-4704
CVE-2010-4704
CVE-2010-4705
CVE-2011-1931
CVE-2011-3362
CVE-2011-3893
CVE-2011-3895
CVE-2011-3929
CVE-2011-3934
CVE-2011-3935
CVE-2011-3936
CVE-2011-3937
CVE-2011-3940
CVE-2011-3941
CVE-2011-3944
CVE-2011-3945
CVE-2011-3946
CVE-2011-3947
CVE-2011-3949
CVE-2011-3950
CVE-2011-3951
CVE-2011-3952
CVE-2011-3973
CVE-2011-3974
CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2012-0947
CVE-2012-2771
CVE-2012-2772
CVE-2012-2773
CVE-2012-2774
CVE-2012-2775
CVE-2012-2776
CVE-2012-2777
CVE-2012-2778
CVE-2012-2779
CVE-2012-2780
CVE-2012-2781
CVE-2012-2782
CVE-2012-2783
CVE-2012-2784
CVE-2012-2785
CVE-2012-2786
CVE-2012-2787
CVE-2012-2788
CVE-2012-2789
CVE-2012-2790
CVE-2012-2791
CVE-2012-2792
CVE-2012-2793
CVE-2012-2794
CVE-2012-2795
CVE-2012-2796
CVE-2012-2797
CVE-2012-2798
CVE-2012-2799
CVE-2012-2800
CVE-2012-2801
CVE-2012-2802
CVE-2012-2803
CVE-2012-2804
CVE-2012-2805
CVE-2013-3670
CVE-2013-3671
CVE-2013-3672
CVE-2013-3673
CVE-2013-3674
CVE-2013-3675
FFmpeg 0.10.x Changelog
FFmpeg 1.0.x Changelog
NGS Secure Research NGS00068
Secunia Advisory SA36760
Secunia Advisory SA46134
underling
craig