Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
1) Errors within the Vorbis Decoder (libavcodec/vorbis_dec.c) component when processing certain Vorbis files can be exploited to e.g. cause a crash or memory corruption by tricking a user into opening specially crafted Vorbis files.
2) An error within the handling of malformed VC1 files can be exploited to e.g. cause a stack corruption by tricking a user into opening specially crafted VC1 files.
3) An error within the "ape_read_header()" function in libavformat/ape.c can be exploited to e.g. cause a division by zero or memory corruption by tricking a user into opening specially crafted APE files.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: FFmpeg Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.