MDVSA-2009:297-1

Package name

ffmpeg

Date

2009-12-05

Advisory ID

MDVSA-2009:297-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Vulnerabilities have been discovered and corrected in ffmpeg:

- The ffmpeg lavf demuxer allows user-assisted attackers to cause
a denial of service (application crash) via a crafted GIF file
(CVE-2008-3230)

- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
to cause a denial of service (memory consumption) via unknown vectors,
aka a Tcp/udp memory leak. (CVE-2008-4869)

- Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote
attackers to execute arbitrary code via a malformed 4X movie file with
a large current_track value, which triggers a NULL pointer dereference
(CVE-2009-0385)

The updated packages fix this issue.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 10da9fc12452c7cde9ce292ea53caf10  2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 445a770a40e9dc01a10b6d359671b1af  2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 a91631838f07bc4bb426324ecb8fb4b2  2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 985ed365e67adf02d7c53ad234eb3671  2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 6e8c5464b517a27fd81e9bf96d2d3476  2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm
 1ed84a832c2d512d8295e79b8f60b5cf  2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.i586.rpm 
 9cf052b2ccca2dea0bc80dcef6736108  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.src.rpm

2008.0 x86_64

 4395e487eab704996b16cd1f8e8b8827  2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 60f8a5659dc02de6cf2281e13560277e  2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 6fe00332a7f3f0006859b0f321422c7d  2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 c7c81b80917163dfee22fa9986fa112e  2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 4aad12d06a19aa84a9b07e412e2a5eab  2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm
 c58315cfa21917e6b6385ad87ef01671  2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.3mdv2008.0.x86_64.rpm 
 9cf052b2ccca2dea0bc80dcef6736108  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.3mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230