Major security flaw with FFmpeg - or the bug that went to Mars ..
Chris J Brady
chrisjbrady at yahoo.com
Sun Jul 6 02:32:17 PDT 2014
RISKS-LIST: Risks-Forum Digest Saturday 5 July 2014 Volume 28 : Issue 06
Raising Lazarus - The 20 Year Old Bug that Went to Mars
Buffer overflows in 20-year-old LZ decompression code (Don A. Bailey via Henry Baker)
Users
All users of FFmpeg, Libav, and projects that depend on them, should
consider themselves at risk to remote code execution. Period. Please
update your software from the FFmpeg and Libav websites, or refrain from
using these applications until your distribution has an adequate patch.
Technical details of the 'bug' which even exists on Mars!! can be found here:
Raising Lazarus - The 20 Year Old Bug that Went to Mars
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
https://groups.google.com/forum/#!topic/comp.risks/pniAM_boB_s
CJB