In association with heise online

23 September 2011, 12:31

FFmpeg updates close security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

FFmpeg Logo In a post on its homepage, the FFmpeg project development team has announced the release of two point updates to FFmpeg to address even more security issues; the latest updates come just two weeks after 0.7.4 and 0.8.3 closed an integer underflow error, a signedness bug and a memory allocation vulnerability.

FFmpeg 0.7.5 "Peace" and 0.8.4 "Love" close a number of holes in the "svq3_get_se_golomb()" function which could be used by a remote attacker to compromise an application. For an attack to be successful, a victim must first open a specially crafted media file. Versions up to and including 0.7.4 and 0.8.3 are affected. The developers note that the updates also include bug fixes and some backported features, such as speex encoding support through libspeex.

FFmpeg is a free tool and library collection used to record, convert and stream audio and video files in various formats. It is used by several popular open source software projects including the VLC Media Player, MPlayer, Perian and others.

More details about the updates can be found in the change logs for 0.7.5 Direct download and 0.8.4 Direct download. Versions 0.7.5 and 0.8.4 are available from the project's download page. FFmpeg is licensed under the LGPL or GPL depending upon the configuration used.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit