FFmpeg updates fix security vulnerabilities
Versions 0.5.5, 0.7.7 and 0.8.6 of FFmpeg have been released. The maintenance and security updates address a number of bugs and security holes found in previous releases, some of which are considered to be serious.
According to a news post on the project's home page, the 0.7.7 and 0.8.6 updates fix "around 90 bugs", closing several security holes. However, details of exactly which vulnerabilities have been fixed in these versions are not given. FFmpeg 0.5.5 updates the project's legacy 0.5.x branch and corrects "many serious security issues". These include denial-of-service (DoS) vulnerabilities, memory corruption issues, and a memory allocation problem that could lead to the execution of arbitrary code when opening a malicious file.
A full list of fixes and other changes can be found in the 0.5.5, 0.7.7 and 0.8.6 change logs. Versions 0.5.5, 0.7.7 and 0.8.6 are available from the project's Get FFmpeg page. All users are advised to upgrade. The developers advise distributors and system integrators to upgrade to the 0.7.x or 0.8.x branch, or to the current git master.
FFmpeg is a free tool and library collection used to record, convert and stream audio and video files in various formats. It is used by several popular open source software projects including the VLC Media Player, MPlayer, Perian and others. FFmpeg is licensed under the LGPL or GPL depending upon the configuration used.
- ffmpeg security update, a Debian security advisory.