ffmpeg vulnerability in 4xm demuxer

Bug #323620 reported by Krinn on 2009-01-31
Affects Status Importance Assigned to Milestone
ffmpeg (Ubuntu)

Bug Description

Binary package hint: ffmpeg

FFmpeg (libavformat) prior to r16846 contains a vulnerability in the 4xm demuxer involving a lack of bounds checking which allows overwriting 4 bytes of data at a wide range of memory addresses.


Changed in ffmpeg:
status: New → Confirmed
Krinn (kr86420) wrote :

This is fixed in Jaunty, but not prior releases.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 3:0.cvs20070307-5ubuntu4.2

ffmpeg (3:0.cvs20070307-5ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
    - debian/patches/100_security_CVE-2008-4610.diff: properly check return
      codes in libavcodec/vp3.c.
    - CVE-2008-4610
  * SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
    - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
      a correct value in libavcodec/dca.c.
    - CVE-2008-4867
  * SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
    (LP: #323620)
    - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
      value in libavformat/4xm.c.
    - CVE-2009-0385

 -- Marc Deslauriers <email address hidden> Fri, 13 Mar 2009 13:20:07 -0400

Changed in ffmpeg:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers