FFmpeg updates address further security issues
Just over one week since the last round of security updates, the FFmpeg developers have published two more point releases to address multiple vulnerabilities in FFmpeg. According to a post on the project's home page, the new updates, versions 0.7.6 "Peace" and 0.8.5 "Love", fix security issues that could be exploited by an attacker to cause a denial-of-service (DoS) condition and compromise a victim's system.
In total, holes have been closed in more than 30 demuxers and decoders, as well as in the libx264 interface to the x264 encoder. For an attack to be successful, a victim must open a specially crafted media file. Versions up to and including 0.7.5 and 0.8.4 are affected. Users, distributors and system integrators are advised to upgrade.
FFmpeg is a free tool and library collection used to record, convert and stream audio and video files in various formats. It is used by several popular open source software projects including the VLC Media Player, MPlayer, Perian and others.
Further information about these security updates can be found in the change logs for 0.7.6 and 0.8.5. FFmpeg 0.7.6 and 0.8.5 are available to download from the project's site. FFmpeg is licensed under the LGPL or GPL depending upon the configuration used.
- FFmpeg Multiple Vulnerabilities, security advisory from Secunia.