Security update for Xvid
The Xvid developers have released version 1.2.2 of their MPEG-4 codec to fix three security-related issues. One of the flaws reportedly prevents a function of the xvidcore library from checking the resync marker range correctly.
In its short announcement, Xvid Solutions do not mention whether the flaws can be exploited for injecting code via specially crafted videos. However, the developers highly recommend that users update. The update also offers various minor improvements, for example more precision for RGB-to-YUV colour conversions.
The source code of the new version 1.2.2 is available in the download area. No pre-compiled versions have been released so far.
- Xvid 1.2.2 released, Xvid Solutions announcement.