|
|
Log in / Subscribe / Register

ffmpeg: multiple code-execution vulnerabilities

Package(s):ffmpeg CVE #(s):CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579
Created:January 4, 2012 Updated:August 30, 2012
Description: Multiple vulnerabilities have been found in the ffmpeg audio application.

  • CVE-2011-4351: a buffer overflow in the QDM2 decoder.

  • CVE-2011-4353: out-of-bounds reads in vp5_parse_coeff() and vp6_parse_coeff().

  • CVE-2011-4364: obscure vulnerability in vmd_decode() disclosed in this paper [PDF]

  • CVE-2011-4579: A thoroughly mysterious vulnerability as of this writing.
Alerts:
Gentoo 201310-12 ffmpeg 2013-10-25
Mandriva MDVSA-2012:148 ffmpeg 2012-08-30
Mandriva MDVSA-2012:074-1 ffmpeg 2012-08-30
Mandriva MDVSA-2012:076 ffmpeg 2012-05-15
Mandriva MDVSA-2012:075 ffmpeg 2012-05-15
Mandriva MDVSA-2012:074 ffmpeg 2012-05-14
Ubuntu USN-1333-1 libav 2012-01-17
Ubuntu USN-1320-1 ffmpeg 2012-01-05
Debian DSA-2378-1 ffmpeg 2012-01-03
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds