Nom du paquet
gstreamer-ffmpeg
Date
2005-12-14
Advisory ID
MDKSA-2005:232
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial
of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"avcodec_default_get_buffer()" function of "utils.c" in libavcodec.
This can be exploited to cause a heap-based buffer overflow when a
specially-crafted 1x1 ".png" file containing a palette is read.

Gstreamer-ffmpeg is built with a private copy of ffmpeg containing
this same code.

The updated packages have been patched to prevent this problem.

Updated packages

2006.0 i586

 1e7f7ad8be3efcc5152901d1de9050c7  2006.0/RPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.i586.rpm
 2923eb22aafa7aedd073516e47a7d94f  2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.src.rpm

2006.0 x86_64

 617b165113eb1af7e805d7c2423a771b  x86_64/2006.0/RPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.x86_64.rpm
 2923eb22aafa7aedd073516e47a7d94f  x86_64/2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.src.rpm

References