Vigil@nce - FFmpeg: several vulnerabilities
April 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious video, and invite the victim to
display it with an application linked to FFmpeg, in order to stop
it or to execute code on his computer.
Severity: 2/4
Creation date: 19/03/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The FFmpeg suite contains several libraries to process multimedia
data.
It is impacted by several vulnerabilities in the jpeglsdec,
proresdec, diracdec, diracdec, qpeg and srtdec modules.
An attacker can therefore create a malicious video, and invite the
victim to display it with an application linked to FFmpeg, in
order to stop it or to execute code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FFmpeg-several-vulnerabilities-11455