FFmpeg: Buffer overflows — GLSA 200609-09

FFmpeg is vulnerable to multiple buffer overflows that might be exploited to execute arbitrary code.

Affected packages

media-video/ffmpeg on all architectures
Affected versions < 0.4.9_p20060530
Unaffected versions >= 0.4.9_p20060530

Background

FFmpeg is a very fast video and audio converter.

Description

FFmpeg contains buffer overflows in the AVI processing code.

Impact

An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might result in the execution of arbitrary code in the context of the running application.

Workaround

There is no known workaround at this time.

Resolution

All FFmpeg users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20060530"

References

Release date
September 13, 2006

Latest revision
December 13, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries