Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. CVE-2008-3162 It was discovered that using a crafted STR file can lead to the execution of arbitrary code. For the oldstable distribution (etch), these problems have been fixed in version 0.cvs20060823-8+etch1. For the stable distribution (lenny), these problems have been fixed in version 0.svn20080206-17+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.svn20080206-16. We recommend that you upgrade your ffmpeg-debian packages.
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code.
It was discovered that using a crafted STR file can lead to the execution of arbitrary code.
For the oldstable distribution (etch), these problems have been fixed in version 0.cvs20060823-8+etch4.
For the stable distribution (lenny), these problems have been fixed in version 0.svn20080206-17+lenny1.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.svn20080206-16.
We recommend that you upgrade your ffmpeg-debian packages.
MD5 checksums of the listed files are available in the original advisory.