ffmpeg vulnerability in 4xm demuxer

Bug #323620 reported by Krinn
256
Affects Status Importance Assigned to Milestone
ffmpeg (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: ffmpeg

FFmpeg (libavformat) prior to r16846 contains a vulnerability in the 4xm demuxer involving a lack of bounds checking which allows overwriting 4 bytes of data at a wide range of memory addresses.

https://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2009-January/019320.html

Changed in ffmpeg:
status: New → Confirmed
Revision history for this message
Krinn (kr86420) wrote :

This is fixed in Jaunty, but not prior releases.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 3:0.cvs20070307-5ubuntu4.2

---------------
ffmpeg (3:0.cvs20070307-5ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
    - debian/patches/100_security_CVE-2008-4610.diff: properly check return
      codes in libavcodec/vp3.c.
    - CVE-2008-4610
  * SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
    value
    - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
      a correct value in libavcodec/dca.c.
    - CVE-2008-4867
  * SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
    (LP: #323620)
    - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
      value in libavformat/4xm.c.
    - CVE-2009-0385

 -- Marc Deslauriers <email address hidden> Fri, 13 Mar 2009 13:20:07 -0400

Changed in ffmpeg:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.