Date: Thu, 12 Feb 2009 14:15:14 -0800
From: Mark Foster <mark@foster.cc>
To: ports@freebsd.org
Subject: ffmpeg vulnerability
Message-ID: <49949F72.8040207@foster.cc>

(Resending, I did not see it posted earlier)

ffmpeg has 3 announced vulnerabilities in this past month. Here is the latest...

09.6.23 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libavformat/4xm.c" Remote Code Execution
Description: FFmpeg is an application used to record, convert, and stream audio and video. The application is exposed to a remote code execution issue because it fails to adequately validate user-supplied input. This issue occurs in the "libavformat/4xm.c" source file, and occurs because of a NULL pointer dereference error. FFmpeg trunk revision versions prior to 16846 are vulnerable.
Ref: http://www.trapkit.de/advisories/TKADV2009-004.txt

Normally I would submit a vuxml entry, but not sure how to indicate the proper "fixed" version since the port uses 2008.07.07_7 while the fixed version is revision 16846.

--
Realization #2031: That the "meaning of life" is now just another Google search.
Mark D. Foster <mark@foster.cc>
http://mark.foster.cc/ | http://conshell.net/