[Bug 323620] Re: ffmpeg vulnerability in 4xm demuxer
Launchpad Bug Tracker
323620 at bugs.launchpad.net
Mon Mar 16 18:40:54 UTC 2009
This bug was fixed in the package ffmpeg - 3:0.cvs20070307-5ubuntu4.2
---------------
ffmpeg (3:0.cvs20070307-5ubuntu4.2) gutsy-security; urgency=low
* SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
- debian/patches/100_security_CVE-2008-4610.diff: properly check return
codes in libavcodec/vp3.c.
- CVE-2008-4610
* SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
value
- debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
a correct value in libavcodec/dca.c.
- CVE-2008-4867
* SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
(LP: #323620)
- debian/patches/102_security_CVE-2009-0385.diff: validate current_track
value in libavformat/4xm.c.
- CVE-2009-0385
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Fri, 13 Mar 2009
13:20:07 -0400
** Changed in: ffmpeg (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4610
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4867
--
ffmpeg vulnerability in 4xm demuxer
https://bugs.launchpad.net/bugs/323620
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list