24298 2010-10-14 10:22:27 +0400 CVE-2010-3429: arbitrary offset dereference vulnerability in flic video codec 2011-07-19 10:33:38 +0400 1 1 4 Development Sisyphus ffmpeg unstable all Linux CLOSED FIXED http://www.ocert.org/advisories/ocert-2010-004.html security P3 blocker --- 1 crux rider darktemplar mike placeholder rider qa-sisyphus oldest_to_newest 113690 0 crux 2010-10-14 10:22:27 +0400 The vulnerability affects the flic file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability. fixed in r25223 http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;=16c592155f117ccd7b86006c45aacc692a81c23b 113691 1 crux 2010-10-14 10:27:33 +0400 правильная ссылка: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b 123303 2 mike 2011-07-19 10:33:38 +0400 * Thu Nov 04 2010 Sergey Bolshakov <sbolshakov@altlinux> 1:0.6-alt2 - 25671 revision from trunk