Home / vulnerabilities

PDF

PLSA-2008-36.txt

Posted on 05 September 2008
Source : packetstormsecurity.org Link

 

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-36 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-05
Severity: 2
Type: Remote
------------------------------------------------------------------------

Summary
=======

There are multiple vulnerabilities detected in ffmpeg. Please update
your packages to the latest versions.


Description
===========

* Free in avcodec_close() avctx->rc_eq. Fix a memory leak.

* Buffer overflow in /libavcodec/dca.c. (patch by Alexander E. Patrakov)

* Prevent dts generation code to be executed when delay is>
MAX_REORDER_DELAY, this fixes overflow in AVStream->pts_buffer. (in
libavformat/utils.c())

* Tcp/udp memory leak

Affected packages:

Pardus 2008:
mplayer, all before 0.0_20080825-92-11
ffmpeg, all before 0.4.9_20080825-46-14


Resolution
==========

There are update(s) for mplayer, ffmpeg. You can update them via Package
Manager or with a single command from console:

pisi up mplayer ffmpeg

References
==========

* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html

------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP