Security update for Firefly Media Server
The current version 0.2.4.1 of Firefly Media Server resolves three vulnerabilities which allow attackers to crash the application or remotely execute arbitrary code. Firefly is an open source streaming server which was developed specifically for Roku Soundbridge and iTunes.
The vulnerabilities are caused by null pointer dererferencing and by a format string flaw in the integrated web server. Since Firefly is mainly used in local home networks the risk of exploitation is small.
- Firefly Media Server DoS, nnp advisory
- Firefly Media Server DoS #2, nnp advisory
- Firefly Media Server remote format string vulnerability, nnp advisory
(mba)