Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:231: ffmpeg Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the ffmpeg package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:231 (ffmpeg).
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a user's system. The vulnerability is caused due to a
boundary error in the 'avcodec_default_get_buffer()' function of 'utils.c' in
libavcodec. This can be exploited to cause a heap-based buffer overflow when a
specially-crafted 1x1 '.png' file containing a palette is read. The updated
packages have been patched to prevent this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:231
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.