Bug#628448: several vulnerabilities: CVE-2011-2162 CVE-2011-2161 CVE-2011-2160
white at debian.org
Sun May 29 03:23:17 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libav.
| Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as
| used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0,
| 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva
| Enterprise Server 5 (aka MES5) have unknown impact and attack vectors,
| related to issues "originally discovered by Google Chrome developers."
| The ape_read_header function in ape.c in libavformat in FFmpeg before
| 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other
| products, allows remote attackers to cause a denial of service
| (application crash) via an APE (aka Monkey's Audio) file that contains
| a header but no frames.
| The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in
| MPlayer and other products, does not properly restrict read
| operations, which allows remote attackers to have an unspecified
| impact via a crafted VC-1 file, a related issue to CVE-2011-0723.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the pkg-multimedia-maintainers