FFmpeg Multiple Vulnerabilities
Last Update Date:
10 Apr 2012 14:15
Release Date:
10 Apr 2012
6175
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in FFmpeg, which can be exploited by malicious people to compromise an application using the library.
- A format string error exists within the "srt_to_ass()" function (libavcodec/srtdec.c) when parsing certain parameters.
- An integer overflow error exists within the "dirac_unpack_block_motion_data()" function (libavcodec/diracdec.c) when handling certain motion data.
- An integer overflow error exists within the "sws_init_context()" function (libswscale/utils.c) when decoding certain scale data.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- FFmpeg versions prior to 0.10.1.
Solutions
- Update to version 0.10.1 or later.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with