ffmpeg vulnerability

Mark Foster mark at foster.cc
Thu Feb 12 14:28:34 PST 2009

(Resending, I did not see it posted earlier)
ffmpeg has 3 announced vulnerabilities in this past month.
Here is the latest...
09.6.23 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libavformat/4xm.c" Remote Code Execution
Description: FFmpeg is an application used to record, convert, and
stream audio and video. The application is exposed to a remote code
execution issue because it fails to adequately validate user-supplied
input. This issue occurs in the "libavformat/4xm.c" source file, and
occurs because of a NULL pointer dereference error. FFmpeg trunk
revision versions prior to 16846 are vulnerable.
Ref: http://www.trapkit.de/advisories/TKADV2009-004.txt 

Normally I would submit a vuxml entry, but not sure how to indicate the 
proper "fixed" versiona since the port uses 2008.07.07_7 while the fixed 
version is revision 16846.

Realization #2031: That the "meaning of life" is now just another Google search.
Mark D. Foster <mark at foster.cc>  
http://mark.foster.cc/ | http://conshell.net/

More information about the freebsd-ports mailing list