Security Information / 2012 / Security Information -- DSA-2494-1 ffmpeg

Debian Security Advisory

DSA-2494-1 ffmpeg -- several vulnerabilities

Date Reported:

14 Jun 2012

Affected Packages:

ffmpeg

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852.

More information:

It was discovered that FFmpeg, Debian's version of the Libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).

In addition, this update contains bug fixes from the Libav 0.5.9 upstream release.

For the stable distribution (squeeze), these problems have been fixed in version 4:0.5.9-1.

For the unstable distribution (sid), these problems have been fixed in version 6:0.8.3-1.

We recommend that you upgrade your ffmpeg packages.