<?xml version="1.0" encoding="utf-8"?>
<glsa id="200609-09">
<title>FFmpeg: Buffer overflows</title>
FFmpeg is vulnerable to multiple buffer overflows that might be exploited
to execute arbitrary code.
<product type="ebuild">ffmpeg</product>
<announced>September 13, 2006</announced>
<revised>December 13, 2006: 02</revised>
<package name="media-video/ffmpeg" auto="yes" arch="*">
<unaffected range="ge">0.4.9_p20060530</unaffected>
<vulnerable range="lt">0.4.9_p20060530</vulnerable>
FFmpeg is a very fast video and audio converter.
FFmpeg contains buffer overflows in the AVI processing code.
<impact type="normal">
An attacker could trigger the buffer overflows by enticing a user to
load a specially crafted AVI file in an application using the FFmpeg
library. This might result in the execution of arbitrary code in the
context of the running application.
There is no known workaround at this time.
All FFmpeg users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/ffmpeg-0.4.9_p20060530&quot;</code>
<uri link="">CVE-2006-4799</uri>
<uri link="">CVE-2006-4800</uri>
<metadata tag="submitter" timestamp="Tue, 12 Sep 2006 15:05:01 +0000">
<metadata tag="bugReady" timestamp="Tue, 12 Sep 2006 15:13:14 +0000">