Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.
Package | media-video/atomicparsley on all architectures |
---|---|
Affected versions | < 0.9.6_p20210715_p151551 |
Unaffected versions | >= 0.9.6_p20210715_p151551 |
Package | media-video/atomicparsley-wez on all architectures |
---|---|
Affected versions | <= 0.9.6 |
Unaffected versions |
AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files.
Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details.
Please review the referenced CVE identifiers for details.
Users can pass only trusted input to AtomicParsley.
Previously, the "wez" AtomicParsley fork was packaged in Gentoo as media-video/atomicparsley-wez. This fork is now packaged as media-video/atomicparsley, so users of the fork's package should now depclean it:
# emerge --ask --depclean "media-video/atomicparsley-wez"
All AtomicParsley users should upgrade to the latest version, which is a packaging of the "wez" AtomicParsley fork:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-video/atomicparsley-0.9.6_p20210715_p151551"
Release date
May 03, 2023
Latest revision
May 03, 2023: 1
Severity
normal
Exploitable
remote
Bugzilla entries