In association with heise online

04 October 2011, 10:07

FFmpeg updates address further security issues

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

FFmpeg logo Just over one week since the last round of security updates, the FFmpeg developers have published two more point releases to address multiple vulnerabilities in FFmpeg. According to a post on the project's home page, the new updates, versions 0.7.6 "Peace" and 0.8.5 "Love", fix security issues that could be exploited by an attacker to cause a denial-of-service (DoS) condition and compromise a victim's system.

In total, holes have been closed in more than 30 demuxers and decoders, as well as in the libx264 interface to the x264 encoder. For an attack to be successful, a victim must open a specially crafted media file. Versions up to and including 0.7.5 and 0.8.4 are affected. Users, distributors and system integrators are advised to upgrade.

FFmpeg is a free tool and library collection used to record, convert and stream audio and video files in various formats. It is used by several popular open source software projects including the VLC Media Player, MPlayer, Perian and others.

Further information about these security updates can be found in the change logs for 0.7.6 and 0.8.5. FFmpeg 0.7.6 and 0.8.5 are available to download from the project's site. FFmpeg is licensed under the LGPL or GPL depending upon the configuration used.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit