ffmpeg-debian - buffer overflow

Several vulnerabilities have been discovered in FFmpeg coders, which are used
by MPlayer and other applications.

• CVE-2010-3429
  Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset
  dereference vulnerability in the libavcodec, in particular in the FLIC file
  format parser. A specific FLIC file may exploit this vulnerability and execute
  arbitrary code. Mplayer is also affected by this problem, as well as other
  software that use this library.
• CVE-2010-4704
  Greg Maxwell discovered an integer overflow the Vorbis decoder in FFmpeg. A
  specific Ogg file may exploit this vulnerability and execute arbitrary code.
• CVE-2010-4705
  A potential integer overflow has been discovered in the Vorbis decoder in
  FFmpeg.

This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert
noticed that there was remaining vulnerabilities, which may cause a denial of
service and potentially execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.svn20080206-18+lenny3.

We recommend that you upgrade your ffmpeg-debian packages.