Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 2306-1 (ffmpeg)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to ffmpeg announced via advisory DSA 2306-1.
Insight
Insight
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3908 FFmpeg before 0.5.4, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. CVE-2010-4704 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. CVE-2011-0480 Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for the channel floor and the channel residue. CVE-2011-0722 FFmpeg allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.4-1. Security support for ffmpeg has been discontinued for the oldstable distribution (lenny). The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable.
Solution
Solution
We recommend that you upgrade your ffmpeg packages.