The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in
FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x
before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
0.8.1, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted media file.
Notes
Author |
Note |
mdeslaur |
ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package code not present in ffmpeg 0.5.x |