Vulnerability found in FFmpeg library
A vulnerability has been found in FFmpeg that may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library. FFmpeg is a free tool and library collection which is used to record, convert and stream audio and video. It is used by several popular open source software projects including VLC media player, MPlayer, Perian, and others.
The cause of the problem, according to Tobias Klein, is an error during the processing of files in the proprietary 4X movie format (4XM). For a successful attack, the victim must open a manipulated file.
FFmpeg versions before version 16846 are affected. Version 16846 has now been released and closes the hole in the libavformat/4xm.c file. Users can upgrade from the FFmpeg repository or wait for the distributions to update.
See also:
- FFmpeg Type Conversion Vulnerability, a report from Tobias Klein
(crve)