FFmpeg: Multiple vulnerabilities — GLSA 201310-12

Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code.

Affected packages

media-video/ffmpeg on all architectures
Affected versions < 1.0.7
Unaffected versions >= 1.0.7

Background

FFmpeg is a complete solution to record, convert and stream audio and video.

Description

Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All FFmpeg users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"
 

References

Release date
October 25, 2013

Latest revision
October 25, 2013: 1

Severity
high

Exploitable
remote

Bugzilla entries