Pardus: ffmpeg Multiple DoS Vulnerabilities
Posted by Bill Keys   
Two vulnerabilities have been fixed in ffmpeg which can cause to a DoS (Denial of Service). An endless loop vulnerability when opening corrupt FLV files. And divided by zero vulnerability in sub_packet_size.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-77            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities have been fixed in ffmpeg which can cause to a  DoS 
(Denial of Service) 


Description
===========

1. An endless loop vulnerability when opening corrupt FLV files  (issue 
699). -- fixed in r15738 

2. A divided by zero vulnerability  in  sub_packet_size.  --  fixed  in 
r15739 


Affected packages:

  Pardus 2008:
    ffmpeg, all before 0.4.9_20080909-48-16


Resolution
==========

There are update(s) for ffmpeg. You can update them via Package Manager 
or with a single command from console: 

    pisi up ffmpeg

References
==========

  * http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

-- 
Pardus Security Team
http://security.pardus.org.tr