FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- multiple vulnerabilities

Affected packages
ffmpeg < 0.7.11,1

Details

VuXML ID ea2ddc49-3e8e-11e1-8095-5404a67eef98
Discovery 2011-09-14
Entry 2012-01-14

Ubuntu Security Notice USN-1320-1 reports:

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)

References

CVE Name CVE-2011-4351
CVE Name CVE-2011-4352
CVE Name CVE-2011-4353
CVE Name CVE-2011-4364
CVE Name CVE-2011-4579
URL http://www.ubuntu.com/usn/usn-1320-1