web/security: add FFmpeg 0.10.9
[ffmpeg-web.git] / src / security
1 <h1>FFmpeg Security</h1>
2
3 <p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
4
5 <h2>FFmpeg 2.1</h2>
6 <h3>2.1</h3>
7 <p>
8 Fixes following vulnerabilities:
9 </p>
10 <pre>
11 commit 29ffeef5e73b8f41ff3a3f2242d356759c66f91f
12 commit 3819db745da2ac7fb3faacb116788c32f4753f34
13 commit 454a11a1c9c686c78aa97954306fb63453299760
14 commit 547d690d676064069d44703a1917e0dab7e33445
15 commit 780669ef7c23c00836a24921fcc6b03be2b8ca4a
16 commit 821a5938d100458f4d09d634041b05c860554ce0
17 commit 86736f59d6a527d8bc807d09b93f971c0fe0bb07
18 commit 880c73cd76109697447fbfbaa8e5ee5683309446
19 commit 8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
20 commit 912ce9dd2080c5837285a471d750fa311e09b555
21 commit 9a271a9368eaabf99e6c2046103acb33957e63b7
22 commit a1b9004b768bef606ee98d417bceb9392ceb788d
23 commit b05cd1ea7e45a836f7f6071a716c38bb30326e0f
24 commit cdd5df8189ff1537f7abe8defe971f80602cc2d2
25 commit e07ac727c1cc9eed39e7f9117c97006f719864bd
26 commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
27 commit fe448cd28d674c3eff3072552eae366d0b659ce9
28 </pre>
29
30 <h2>FFmpeg 2.0</h2>
31 <h3>2.0.1</h3>
32 <p>
33 Fixes following vulnerabilities:
34 </p>
35 <pre>
36 CVE-2013-4263, 1bf2461765c58aad5829ea45a2885d11f50b73f0 / e43a0a232dbf6d3c161823c2e07c52e76227a1bc
37 CVE-2013-4264, acf511de34e0b79fff0183e06ed37f1aa8dc3d94 / 2960576378d17d71cc8dccc926352ce568b5eec1
38 CVE-2013-4265, 211374e52a933a2b3f21a4d6e66e9f1b0623e44e / c94f9e854228e0ea00e1de8769d8d3f7cab84a55
39 </pre>
40
41 <h3>2.0</h3>
42 <p>
43 Fixes following vulnerabilities:
44 </p>
45 <pre>
46 CVE-2013-3670, c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
47 CVE-2013-3671, 7edb984dd051b6919d7d8471c70499273f31b0fa
48 CVE-2013-3672, 8d3c99e825317b7efda5fd12e69896b47c700303
49 CVE-2013-3673, d23b8462b5a4a9da78ed45c4a7a3b35d538df909
50 CVE-2013-3674, ad002e1a13a8df934bd6cb2c84175a4780ab8942
51 CVE-2013-3675, 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
52 </pre>
53
54
55 <h2>FFmpeg 1.2</h2>
56 <h3>1.2.1</h3>
57 <p>
58 Fixes following vulnerabilities:
59 </p>
60 <pre>
61 CVE-2013-3670, 0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 / c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
62 CVE-2013-3671, cc0dd86580b3257f22a4981a79eb5fa6804182b6 / 7edb984dd051b6919d7d8471c70499273f31b0fa
63 CVE-2013-3672, 7fa6db2545643efb4fe2e0bb501fa50af35a6330 / 8d3c99e825317b7efda5fd12e69896b47c700303
64 CVE-2013-3673, 7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37 / d23b8462b5a4a9da78ed45c4a7a3b35d538df909
65 CVE-2013-3674, 7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd / ad002e1a13a8df934bd6cb2c84175a4780ab8942
66 CVE-2013-3675, 524d0d2cfc7bab1b348f85e7c0369859e63781cf / 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
67 </pre>
68
69 <h3>1.2</h3>
70 <p>
71 Fixes following vulnerabilities:
72 </p>
73 <pre>
74 CVE-2013-2495, 3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba
75 CVE-2013-2496, e398990eb87785e20e065cd3f14d1dbb69df4392
76 CVE-2013-0870, 14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a
77 </pre>
78
79
80 <h2>FFmpeg 1.1</h2>
81 <h3>1.1.4</h3>
82 <p>
83 Fixes following vulnerabilities:
84 </p>
85 <pre>
86 CVE-2013-2495, f719e6566c08dc1e18cf1caf07ba8c0e93cd7283 / 3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba
87 CVE-2013-2496, e398990eb87785e20e065cd3f14d1dbb69df4392 / b9a1efa6f4d4cda20ce796614ff5b0c523df5672
88 </pre>
89
90 <h3>1.1.3</h3>
91 <p>
92 Fixes following vulnerabilities:
93 </p>
94 <pre>
95 CVE-2013-2277, 02d1efdd5b61cefb96562ff9b94c03486a8ead15 / bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a
96 CVE-2013-2276, 469cb61193861baf46cce76f98985b026b08cd8d / 8a6449167a6da8cb747cfe3502ae86ffaac2ed48
97 CVE-2013-0872, 7c40a0449b4771a0a09c3c38e081d3869d1f917b / 21cd905cd44a4bbafe8631bbaa6021d328413ce5
98 CVE-2013-0873, 811a504c6bc2586a8ea5d52fbcfee94277123eb5 / 4f1279154ee9baf2078241bf5619774970d18b25
99 CVE-2013-0874, 75211f2b8cfb8b4a3f47c514e55585651eeb2767 / e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
100 CVE-2013-0875, f6687bbb6464532f14b3246cdb7b03f6d04b25cb / 1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
101 CVE-2013-0876, 1400f1a1e46d72dc38d4cee66f611d91c3a1f49b / 5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
102 CVE-2013-0877, 1ea5bbc5940d2ea5ec1eea83cccef331d737f5f6 / 365270aec5c2b9284230abc702b11168818f14cf
103 CVE-2013-0878, f5955d9f6f9ffdb81864c3de1c7b801782a55725 / 796012af6c780b5b13ebca39a491f215515a18fe
104 </pre>
105
106 <h3>1.1.2</h3>
107 <p>
108 Fixes following vulnerabilities:
109 </p>
110 <pre>
111 CVE-2013-0862, f4fb841ad13bab66d4fb0c7ff2a94770df7815d8 / 49b729d3af8464de431362e6c5b3027102bc2f88
112 CVE-2013-0863, 62c9beda0c189db5cb61fa772057e3af9521f293 / 7357ca900efcf829de4cce4cec6ddc286526d417
113 CVE-2013-0864, 9547034f9120187e23ad76424dd4d70247e62212 / c10350358da58600884292c08a8690289b81de29
114 CVE-2013-0865, f3d16706060ab6ae6dc78f15359fab3fd87c9495 / ab6c9332bfa1e20127a16392a0b85a4aa4840889
115 CVE-2013-0866, 47e462eecc0a47ad40f59376199f93f227e21d13 / 96f452ac647dae33c53c242ef3266b65a9beafb6
116 CVE-2013-0867, 3ef1538121fa6daeb1767510f1d4ae2c306c9fec / 11c99c78bafa77f679a1a3ba06ad00984b9a4cae
117 CVE-2013-0868, 6baa54924980e1f0e8121e4715d16ed1adcd2a23 / f67a0d115254461649470452058fa3c28c0df294
118                75e88db33013eaa7ab74457f5556df677b4ffb42 / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
119 CVE-2013-0869, eaa9d2cd6b8c1e2722d5bfc56ea67fde865200ce / 695af8eed642ff0104834495652d1ee784a4c14d
120 </pre>
121
122 <h3>1.1.1</h3>
123 <p>
124 Fixes following vulnerabilities:
125 </p>
126 <pre>
127 CVE-2013-0860, 68a0477bc0af026db971ddba22541029a9e8715b / 23318a57358358e7a4dc551e830e4503f0638cfe
128 CVE-2013-0861, 43c6b45a53a186a187f7266e4d6bd3c2620519f1 / d270c3202539e8364c46410e15f7570800e33343
129 </pre>
130
131 <h3>1.1</h3>
132 <p>
133 Fixes following vulnerabilities:
134 </p>
135 <pre>
136 CVE-2013-0844, f18c873ab5ee3c78d00fdcc2582b39c133faecb4
137 CVE-2013-0845, 0ceca269b66ec12a23bf0907bd2c220513cdbf16
138 CVE-2013-0846, a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
139 CVE-2013-0847, 10416a4d56fa8a89784e4fb62099c3cab17a9952
140 CVE-2013-0848, 6abb9a901fca27da14d4fffbb01948288b5da3ba
141 CVE-2013-0849, 3ae610451170cd5a28b33950006ff0bd23036845
142 CVE-2013-0850, d6c184880ee2e09fd68c0ae217173832cee5afc1
143 CVE-2013-0851, 63ac64864c6e0e84355aa3caa5b92208997a9a8d
144 CVE-2013-0852, c0d68be555f5858703383040e04fcd6529777061
145 CVE-2013-0853, be818df547c3b0ae4fadb50fd210139a8636706a
146 CVE-2013-0854, 1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
147 CVE-2013-0855, 3920d1387834e2bc334aff9f518f4beb24e470bd
148 CVE-2013-0856, fd4f4923cce6a2cbf4f48640b4ac706e614a1594
149 CVE-2013-0857, 2fbb37b51bbea891392ad357baf8f3dff00bac05
150 CVE-2013-0858, 13451f5520ce6b0afde861b2285dda659f8d4fb4
151 CVE-2013-0859, 6d1c5ea04af3e345232aa70c944de961061dab2d
152 </pre>
153
154 <h2>FFmpeg 1.0</h2>
155 <h3>1.0.4</h3>
156 <p>
157 Fixes following vulnerabilities:
158 </p>
159 <pre>
160 CVE-2013-0866, c459c7b23efffab762560e41ad6a2c0dbbfd4915 / 96f452ac647dae33c53c242ef3266b65a9beafb6
161 CVE-2013-0865, 08e2c7a45f82b897a285548c257972eb1ad352c5 / ab6c9332bfa1e20127a16392a0b85a4aa4840889
162 CVE-2013-0863, 89e16e675d3cbe76cf4581f98bf4ac300cab0286 / 7357ca900efcf829de4cce4cec6ddc286526d417
163 CVE-2013-0861, 4cd1dad91ae97fe1f0dd534c3f5566787566f137 / d270c3202539e8364c46410e15f7570800e33343
164 CVE-2013-0860, 3e196e4def03c7a91423803402f84d638d316c33 / 23318a57358358e7a4dc551e830e4503f0638cfe
165 CVE-2013-0858, 2502914c5f8eb77659d7c0868396862557a63245 / 13451f5520ce6b0afde861b2285dda659f8d4fb4
166 CVE-2013-0845, 6df0d3e2916c223dbe4262bf1b876dff1cb3f980 / 0ceca269b66ec12a23bf0907bd2c220513cdbf16
167 CVE-2013-0844, 85a14dbd5dca34320f58b1ba11dd6dd0df4fb3be / f18c873ab5ee3c78d00fdcc2582b39c133faecb4
168 CVE-2013-0868, b666debffec1fcbb19ef377635a53b9a58bca8a4 / f67a0d115254461649470452058fa3c28c0df294
169                db0f7f7394e1f994ed38db043f78ed0f10bde0da / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
170 CVE-2013-0862, 8eda88868399de00806cf21a966d9660db4ae9b4 / 49b729d3af8464de431362e6c5b3027102bc2f88
171 </pre>
172
173 <h3>1.0.2</h3>
174 <p>
175 Fixes following (minor) vulnerabilities:
176 </p>
177 <pre>
178 commit 20c121c00747d6c3b0b0f98deeff021171b2ed74 / c83002a4f8042ccfa0688a9a18e8fa0369c1fda8
179 commit 68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 / 7d66bc7920240cc0e8df6c44b2d2cdbe4b228fbe
180 commit 9929991da7b843e7d80154fcacc4e80579b86a2d / cbe43e62c9ac7d4aefdc13476f6f691bd626525f
181 commit e74cd2f4706f71da5e9205003c1d8263b54ed3fb / 03847eb8259291b4ff1bd840bd779d0699d71f96
182 </pre>
183
184 <h3>1.0.1</h3>
185 <p>
186 Fixes following vulnerabilities:
187 </p>
188 <pre>
189 CVE-2013-0859, 0b9be54e97fa574867d5e99a3623d1db7df7b274 / 6d1c5ea04af3e345232aa70c944de961061dab2d
190 CVE-2013-0857, 112d4c400f0e0d5d1621fc8db515907cffaae259 / 2fbb37b51bbea891392ad357baf8f3dff00bac05
191 CVE-2013-0856, e0884eadf6a15e93142131b695f48776f9a0ac31 / fd4f4923cce6a2cbf4f48640b4ac706e614a1594
192 CVE-2013-0855, c8c9740ee1ea4a4f857a24b1ce05dcd07b72ec2d / 3920d1387834e2bc334aff9f518f4beb24e470bd
193 CVE-2013-0853, c51c5f83c13b0fa3e332e59bf764fdc598476b2e / be818df547c3b0ae4fadb50fd210139a8636706a
194 CVE-2013-0852, 28bf685bfc6d0c744369cdf367f61a78d80d0b01 / c0d68be555f5858703383040e04fcd6529777061
195 CVE-2013-0851, c8833a13cf530fbf5b1d579cd1ae527a0904403f / 63ac64864c6e0e84355aa3caa5b92208997a9a8d
196 CVE-2013-0850, c82d6e05da0898c45ae915fb808e175f6a4ec7e5 / d6c184880ee2e09fd68c0ae217173832cee5afc1
197 CVE-2013-0849, 38e8f78c041bd28f5b8d32f2fd945eae8ce28598 / 3ae610451170cd5a28b33950006ff0bd23036845
198 CVE-2013-0848, 74241de7ed501a34e7dfe291eed3339ca7b50755 / 6abb9a901fca27da14d4fffbb01948288b5da3ba
199 CVE-2013-0846, e34369e8ece08b7bd820366dea5965f4c40c0080 / a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
200 </pre>
201
202 <h2>FFmpeg 0.11</h2>
203
204 <h3>0.11.4</h3>
205 <p>
206 Fixes following vulnerabilities:
207 </p>
208 <pre>
209 CVE-2013-0869, 1934bb75361e7859873c6bf94ee1ceb17981c550 / 695af8eed642ff0104834495652d1ee784a4c14d
210 CVE-2013-4358, 39ed5442620a7a0fd2328b7d4aefc6ae152c5441 / b9d887c225466576ae80ef7f2b109e866ff137b2
211 </pre>
212
213 <h3>0.11</h3>
214 <p>
215 Fixes following vulnerabilities:
216 </p>
217 <pre>
218 CVE-2012-2772, cb7190cd2c691fd93e4d3664f3fce6c19ee001dd
219 CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f
220 CVE-2012-2775, 9d3032b960ae03066c008d6e6774f68b17a1d69d
221 CVE-2012-2776, ba775a54bc2136ec5da85385a923b05ee6fab159
222 CVE-2012-2777, 25715064c2ef4978672a91f8c856f3e8809a7c45
223 CVE-2012-2779, 229e4c133287955d5f3f837520a3602709b21950
224 CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7
225 CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998
226 CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081
227                d462949974668ffb013467d12dc4934b9106fe19
228 CVE-2012-2786, d1c95d2ce39560e251fdb14f4af91b04fd7b845c
229 CVE-2012-2787, 01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920
230 CVE-2012-2788, c41ac870470c614185e1752c11f892809022248a
231 CVE-2012-2789, 97a5addfcf0029d0f5538ed70cb38cae4108a618
232 CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6
233 CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389
234 CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8
235 CVE-2012-2793, 83c7803f55b3231faeb93c1a634399a70fae9480
236 CVE-2012-2794, 5ad7335ebac2b38bb2a1c8df51a500b78461c05a
237 CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3
238                2a7063de547b1d8fb1cef523469390fb59fb2c50
239                b3a43515827f3d22a881c33b87384f01c86786fd
240 CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23
241 CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e
242 CVE-2012-2798, 72b9537d8886f679494651df517dfed9b420cf1f
243 CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3
244 CVE-2012-2800, f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7
245 CVE-2012-2801, 1df49142bab1b7bccd11392aa9e819e297d21a6e
246 CVE-2012-2802, 2c22701c371c2f3dea21fcdbb97c981939fb77af
247 CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a
248 CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04
249 </pre>
250
251 <h2>FFmpeg 0.10</h2>
252
253 <h3>0.10.9</h3>
254 <p>
255 Fixes following vulnerabilities:
256 </p>
257 <pre>
258 1a311ad99a57ec3cd4f821f8a4c22973e2b4d740 / 9a271a9368eaabf99e6c2046103acb33957e63b7
259 20854f9bffd2130b6b987c439c2b4002aa177dd0 / f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
260 9300b1f64e5b85164e50d95dfed4a66452cb667e / 86736f59d6a527d8bc807d09b93f971c0fe0bb07
261 a99aff4e4bbef8e64b51f267cd1769214e1b4e80 / 454a11a1c9c686c78aa97954306fb63453299760
262 e288124394840f9e37e110afe47c737044372f89 / 880c73cd76109697447fbfbaa8e5ee5683309446
263 ef8145270f4a91216b24b1552c73e7eda140c8b6 / 3819db745da2ac7fb3faacb116788c32f4753f34
264 </pre>
265
266 <h3>0.10.7</h3>
267 <p>
268 Fixes following vulnerabilities:
269 </p>
270 <pre>
271 CVE-2013-0868, b07c791252707c88f610daa668eae3ddc6fbccc7 / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
272                ba4b57e8024a9635b4eaf7f3cc08837b065bd4c9 / f67a0d115254461649470452058fa3c28c0df294
273 c3d7c805bc9c1ed584e92649cd8fa8cbb7010967 / c83002a4f8042ccfa0688a9a18e8fa0369c1fda8
274 </pre>
275
276 <h3>0.10.6</h3>
277 <p>
278 Fixes following vulnerabilities:
279 </p>
280 <pre>
281 CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776,
282 CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800,
283 CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798,
284 CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790,
285 CVE-2012-2777, CVE-2012-2784
286 </pre>
287 <h3>0.10.3</h3>
288 <p>
289 Fixes following vulnerabilities:
290 </p>
291 <pre>
292 CVE-2012-0947, CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, CVE-2012-2780,
293 CVE-2012-2781, CVE-2012-2805,
294 </pre>
295 <h3>0.10</h3>
296 <p>
297 Fixes following vulnerabilities:
298 </p>
299 <pre>
300 CVE-2011-3929, CVE-2011-3934, CVE-2011-3935, CVE-2011-3936,
301 CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944,
302 CVE-2011-3945, CVE-2011-3946, CVE-2011-3947, CVE-2011-3949,
303 CVE-2011-3950, CVE-2011-3951, CVE-2011-3952
304 </pre>
305 <p>
306 and several others that do not have a CVE number.
307 Many of these issues can be exploited when a remote file is
308 played back and some are probable arbitrary code execution vulnerabilities.
309 </p>
310
311 <p>
312 FFmpeg 0.10 is unaffected by:
313 </p>
314 <pre>
315 CVE-2011-3930, CVE-2011-3931, CVE-2011-3932, CVE-2011-3933,
316 CVE-2011-3938, CVE-2011-3939, CVE-2011-3942, CVE-2011-3943,
317 CVE-2011-3948.
318 </pre>
319
320 <h2>FFmpeg 0.9</h2>
321 <h3>0.9.1</h3>
322 <p>
323 Fixes following vulnerabilities:
324 </p>
325 <pre>
326 CVE-2011-3893, CVE-2011-3895,
327
328 CVE-2012-0847 FFmpeg ae21776207e8a2bbe268e7c9e203f7599dd87ddb lavfi:
329 add missing check in avfilter_filter_samples()
330
331 CVE-2012-0848 FFmpeg 5257743aee0c3982f0079e6553aabc6aa39401d2 ws_snd1:
332 Fix wrong samples count and crash.
333
334 CVE-2012-0849 FFmpeg 1f99939a6361e2e6d6788494dd7c682b051c6c34 j2kdec:
335 Fix integer overflow leading to a segfault
336
337 CVE-2012-0850 FFmpeg 944f5b2779e4aa63f7624df6cd4de832a53db81b aacsbr:
338 Fix memory corruption.
339
340 CVE-2012-0851 FFmpeg 7fff64e00d886fde11d61958888c82b461cf99b9 h264:
341 check chroma_format_idc range.
342
343 CVE-2012-0852 FFmpeg 608708009f69ba4cecebf05120c696167494c897 adpcm:
344 Fix crash
345
346 CVE-2012-0853 FFmpeg 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 atrac3:
347 Fix crash in tonal component decoding.
348
349 CVE-2012-0854 FFmpeg 6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5
350 CODEC_ID_SOL_DPCM: Fix used write buffer.
351
352 CVE-2012-0855 FFmpeg 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 j2kdec:
353 Check curtileno for validity
354
355 CVE-2012-0856 FFmpeg 21270cffaeab2f67a613907516b2b0cd6c9eacf4 h263dec:
356 Fix regression / crash with lowres.
357
358 CVE-2012-0857 FFmpeg 282bb02839b1ce73963c8e3ee46804f1ade8b12a j2kdec:
359 Fix crash in get_qcx
360
361 CVE-2012-0858 FFmpeg 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c shorten:
362 Fix invalid free()
363
364 CVE-2012-0859 FFmpeg 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 vorbis:
365 Fix last quarter of CVE-2011-3893
366 </pre>
367 <p>and more security issues that
368 have no CVE number. Many of these issues can be exploited when a remote file is
369 played back and a few are probable arbitrary code execution vulnerabilities</p>
370
371
372 <h2>FFmpeg 0.8</h2>
373 <h3>0.8.11</h3>
374 <p>
375 Fixes following vulnerabilities:
376 </p>
377 <pre>
378 CVE-2012-0853, CVE-2012-0858, CVE-2011-3929, CVE-2011-3936,
379 CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947
380 Several security issues that dont have CVE numbers.
381 </pre>
382
383 <h3>0.8.10</h3>
384 <p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>
385
386 <h3>0.8.7</h3>
387 <p>Fixes CVE-2011-4352/NGS00145, CVE-2011-4579/NGS00148, CVE-2011-4351, NGS00144, CVE-2011-4353 among others</p>
388
389 <h3>0.8.6</h3>
390 <p>Fixes CVE-2011-3892 among others</p>
391
392 <h3>0.8.5</h3>
393 <p>Fixes CVE-2011-4364 among others</p>
394
395 <h2>FFmpeg 0.7</h2>
396 <h3>0.7.12</h3>
397 <p>
398 Fixes following vulnerabilities:
399 </p>
400 <pre>
401 CVE-2012-0853, CVE-2012-0858, CVE-2011-3929, CVE-2011-3936,
402 CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947
403 Several security issues that dont have CVE numbers.
404 </pre>
405
406 <h3>0.7.11</h3>
407 <p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>
408
409 <h3>0.7.8</h3>
410 <p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4351, CVE-2011-4353</p>
411
412 <h3>0.7.7</h3>
413 <p>Fixes CVE-2011-3892</p>
414
415 <h3>0.7.6</h3>
416 <p>Fixes CVE-2011-4364 among others</p>
417
418 <h2>FFmpeg 0.6</h2>
419 <h3>0.6.5</h3>
420 <p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>
421
422 <h3>0.6.4</h3>
423 <p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4353, CVE-2011-4351, CVE-2011-4364</p>
424
425 <h2>FFmpeg 0.5</h2>
426 <h3>0.5.8</h3>
427 <p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>
428
429 <h3>0.5.7</h3>
430 <p>CVE-2011-4353</p>
431
432 <h3>0.5.6</h3>
433 <p>Fixes CVE-2011-4579, CVE-2011-4351</p>
434
435 <h3>0.5.5</h3>
436 <p>Fixes CVE-2011-3504, CVE-2011-3362, CVE-2011-3973, CVE-2011-3974</p>
437
438 <h3>0.5.4</h3>
439 <p>Fixes CVE-2010-3908, CVE-2011-0722, CVE-2010-4704, CVE-2011-0480, CVE-2011-0723</p>