web/security: add CVEs for 0.10.9 and 2.1
[ffmpeg-web.git] / src / security
1 <h1>FFmpeg Security</h1>
2
3 <p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
4
5 <h2>FFmpeg 2.1</h2>
6 <h3>2.1</h3>
7 <p>
8 Fixes following vulnerabilities:
9 </p>
10 <pre>
11 CVE-2013-7008, 29ffeef5e73b8f41ff3a3f2242d356759c66f91f
12 CVE-2013-7009, 3819db745da2ac7fb3faacb116788c32f4753f34
13 CVE-2013-7010, 454a11a1c9c686c78aa97954306fb63453299760
14 CVE-2013-7011, 547d690d676064069d44703a1917e0dab7e33445
15 CVE-2013-7012, 780669ef7c23c00836a24921fcc6b03be2b8ca4a
16 CVE-2013-7013, 821a5938d100458f4d09d634041b05c860554ce0
17 CVE-2013-7014, 86736f59d6a527d8bc807d09b93f971c0fe0bb07
18 CVE-2013-7015, 880c73cd76109697447fbfbaa8e5ee5683309446
19 CVE-2013-7016, 8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
20 CVE-2013-7017, 912ce9dd2080c5837285a471d750fa311e09b555
21 CVE-2013-7018, 9a271a9368eaabf99e6c2046103acb33957e63b7
22 CVE-2013-7019, a1b9004b768bef606ee98d417bceb9392ceb788d
23 CVE-2013-7020, b05cd1ea7e45a836f7f6071a716c38bb30326e0f
24 CVE-2013-7021, cdd5df8189ff1537f7abe8defe971f80602cc2d2
25 CVE-2013-7022, e07ac727c1cc9eed39e7f9117c97006f719864bd
26 CVE-2013-7023, f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
27 CVE-2013-7024, fe448cd28d674c3eff3072552eae366d0b659ce9
28 </pre>
29
30 <h2>FFmpeg 2.0</h2>
31 <h3>2.0.1</h3>
32 <p>
33 Fixes following vulnerabilities:
34 </p>
35 <pre>
36 CVE-2013-4263, 1bf2461765c58aad5829ea45a2885d11f50b73f0 / e43a0a232dbf6d3c161823c2e07c52e76227a1bc
37 CVE-2013-4264, acf511de34e0b79fff0183e06ed37f1aa8dc3d94 / 2960576378d17d71cc8dccc926352ce568b5eec1
38 CVE-2013-4265, 211374e52a933a2b3f21a4d6e66e9f1b0623e44e / c94f9e854228e0ea00e1de8769d8d3f7cab84a55
39 </pre>
40
41 <h3>2.0</h3>
42 <p>
43 Fixes following vulnerabilities:
44 </p>
45 <pre>
46 CVE-2013-3670, c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
47 CVE-2013-3671, 7edb984dd051b6919d7d8471c70499273f31b0fa
48 CVE-2013-3672, 8d3c99e825317b7efda5fd12e69896b47c700303
49 CVE-2013-3673, d23b8462b5a4a9da78ed45c4a7a3b35d538df909
50 CVE-2013-3674, ad002e1a13a8df934bd6cb2c84175a4780ab8942
51 CVE-2013-3675, 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
52 </pre>
53
54
55 <h2>FFmpeg 1.2</h2>
56 <h3>1.2.1</h3>
57 <p>
58 Fixes following vulnerabilities:
59 </p>
60 <pre>
61 CVE-2013-3670, 0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 / c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
62 CVE-2013-3671, cc0dd86580b3257f22a4981a79eb5fa6804182b6 / 7edb984dd051b6919d7d8471c70499273f31b0fa
63 CVE-2013-3672, 7fa6db2545643efb4fe2e0bb501fa50af35a6330 / 8d3c99e825317b7efda5fd12e69896b47c700303
64 CVE-2013-3673, 7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37 / d23b8462b5a4a9da78ed45c4a7a3b35d538df909
65 CVE-2013-3674, 7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd / ad002e1a13a8df934bd6cb2c84175a4780ab8942
66 CVE-2013-3675, 524d0d2cfc7bab1b348f85e7c0369859e63781cf / 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
67 </pre>
68
69 <h3>1.2</h3>
70 <p>
71 Fixes following vulnerabilities:
72 </p>
73 <pre>
74 CVE-2013-2495, 3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba
75 CVE-2013-2496, e398990eb87785e20e065cd3f14d1dbb69df4392
76 CVE-2013-0870, 14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a
77 </pre>
78
79
80 <h2>FFmpeg 1.1</h2>
81 <h3>1.1.4</h3>
82 <p>
83 Fixes following vulnerabilities:
84 </p>
85 <pre>
86 CVE-2013-2495, f719e6566c08dc1e18cf1caf07ba8c0e93cd7283 / 3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba
87 CVE-2013-2496, e398990eb87785e20e065cd3f14d1dbb69df4392 / b9a1efa6f4d4cda20ce796614ff5b0c523df5672
88 </pre>
89
90 <h3>1.1.3</h3>
91 <p>
92 Fixes following vulnerabilities:
93 </p>
94 <pre>
95 CVE-2013-2277, 02d1efdd5b61cefb96562ff9b94c03486a8ead15 / bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a
96 CVE-2013-2276, 469cb61193861baf46cce76f98985b026b08cd8d / 8a6449167a6da8cb747cfe3502ae86ffaac2ed48
97 CVE-2013-0872, 7c40a0449b4771a0a09c3c38e081d3869d1f917b / 21cd905cd44a4bbafe8631bbaa6021d328413ce5
98 CVE-2013-0873, 811a504c6bc2586a8ea5d52fbcfee94277123eb5 / 4f1279154ee9baf2078241bf5619774970d18b25
99 CVE-2013-0874, 75211f2b8cfb8b4a3f47c514e55585651eeb2767 / e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
100 CVE-2013-0875, f6687bbb6464532f14b3246cdb7b03f6d04b25cb / 1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
101 CVE-2013-0876, 1400f1a1e46d72dc38d4cee66f611d91c3a1f49b / 5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
102 CVE-2013-0877, 1ea5bbc5940d2ea5ec1eea83cccef331d737f5f6 / 365270aec5c2b9284230abc702b11168818f14cf
103 CVE-2013-0878, f5955d9f6f9ffdb81864c3de1c7b801782a55725 / 796012af6c780b5b13ebca39a491f215515a18fe
104 </pre>
105
106 <h3>1.1.2</h3>
107 <p>
108 Fixes following vulnerabilities:
109 </p>
110 <pre>
111 CVE-2013-0862, f4fb841ad13bab66d4fb0c7ff2a94770df7815d8 / 49b729d3af8464de431362e6c5b3027102bc2f88
112 CVE-2013-0863, 62c9beda0c189db5cb61fa772057e3af9521f293 / 7357ca900efcf829de4cce4cec6ddc286526d417
113 CVE-2013-0864, 9547034f9120187e23ad76424dd4d70247e62212 / c10350358da58600884292c08a8690289b81de29
114 CVE-2013-0865, f3d16706060ab6ae6dc78f15359fab3fd87c9495 / ab6c9332bfa1e20127a16392a0b85a4aa4840889
115 CVE-2013-0866, 47e462eecc0a47ad40f59376199f93f227e21d13 / 96f452ac647dae33c53c242ef3266b65a9beafb6
116 CVE-2013-0867, 3ef1538121fa6daeb1767510f1d4ae2c306c9fec / 11c99c78bafa77f679a1a3ba06ad00984b9a4cae
117 CVE-2013-0868, 6baa54924980e1f0e8121e4715d16ed1adcd2a23 / f67a0d115254461649470452058fa3c28c0df294
118                75e88db33013eaa7ab74457f5556df677b4ffb42 / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
119 CVE-2013-0869, eaa9d2cd6b8c1e2722d5bfc56ea67fde865200ce / 695af8eed642ff0104834495652d1ee784a4c14d
120 </pre>
121
122 <h3>1.1.1</h3>
123 <p>
124 Fixes following vulnerabilities:
125 </p>
126 <pre>
127 CVE-2013-0860, 68a0477bc0af026db971ddba22541029a9e8715b / 23318a57358358e7a4dc551e830e4503f0638cfe
128 CVE-2013-0861, 43c6b45a53a186a187f7266e4d6bd3c2620519f1 / d270c3202539e8364c46410e15f7570800e33343
129 </pre>
130
131 <h3>1.1</h3>
132 <p>
133 Fixes following vulnerabilities:
134 </p>
135 <pre>
136 CVE-2013-0844, f18c873ab5ee3c78d00fdcc2582b39c133faecb4
137 CVE-2013-0845, 0ceca269b66ec12a23bf0907bd2c220513cdbf16
138 CVE-2013-0846, a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
139 CVE-2013-0847, 10416a4d56fa8a89784e4fb62099c3cab17a9952
140 CVE-2013-0848, 6abb9a901fca27da14d4fffbb01948288b5da3ba
141 CVE-2013-0849, 3ae610451170cd5a28b33950006ff0bd23036845
142 CVE-2013-0850, d6c184880ee2e09fd68c0ae217173832cee5afc1
143 CVE-2013-0851, 63ac64864c6e0e84355aa3caa5b92208997a9a8d
144 CVE-2013-0852, c0d68be555f5858703383040e04fcd6529777061
145 CVE-2013-0853, be818df547c3b0ae4fadb50fd210139a8636706a
146 CVE-2013-0854, 1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
147 CVE-2013-0855, 3920d1387834e2bc334aff9f518f4beb24e470bd
148 CVE-2013-0856, fd4f4923cce6a2cbf4f48640b4ac706e614a1594
149 CVE-2013-0857, 2fbb37b51bbea891392ad357baf8f3dff00bac05
150 CVE-2013-0858, 13451f5520ce6b0afde861b2285dda659f8d4fb4
151 CVE-2013-0859, 6d1c5ea04af3e345232aa70c944de961061dab2d
152 </pre>
153
154 <h2>FFmpeg 1.0</h2>
155 <h3>1.0.4</h3>
156 <p>
157 Fixes following vulnerabilities:
158 </p>
159 <pre>
160 CVE-2013-0866, c459c7b23efffab762560e41ad6a2c0dbbfd4915 / 96f452ac647dae33c53c242ef3266b65a9beafb6
161 CVE-2013-0865, 08e2c7a45f82b897a285548c257972eb1ad352c5 / ab6c9332bfa1e20127a16392a0b85a4aa4840889
162 CVE-2013-0863, 89e16e675d3cbe76cf4581f98bf4ac300cab0286 / 7357ca900efcf829de4cce4cec6ddc286526d417
163 CVE-2013-0861, 4cd1dad91ae97fe1f0dd534c3f5566787566f137 / d270c3202539e8364c46410e15f7570800e33343
164 CVE-2013-0860, 3e196e4def03c7a91423803402f84d638d316c33 / 23318a57358358e7a4dc551e830e4503f0638cfe
165 CVE-2013-0858, 2502914c5f8eb77659d7c0868396862557a63245 / 13451f5520ce6b0afde861b2285dda659f8d4fb4
166 CVE-2013-0845, 6df0d3e2916c223dbe4262bf1b876dff1cb3f980 / 0ceca269b66ec12a23bf0907bd2c220513cdbf16
167 CVE-2013-0844, 85a14dbd5dca34320f58b1ba11dd6dd0df4fb3be / f18c873ab5ee3c78d00fdcc2582b39c133faecb4
168 CVE-2013-0868, b666debffec1fcbb19ef377635a53b9a58bca8a4 / f67a0d115254461649470452058fa3c28c0df294
169                db0f7f7394e1f994ed38db043f78ed0f10bde0da / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
170 CVE-2013-0862, 8eda88868399de00806cf21a966d9660db4ae9b4 / 49b729d3af8464de431362e6c5b3027102bc2f88
171 </pre>
172
173 <h3>1.0.2</h3>
174 <p>
175 Fixes following (minor) vulnerabilities:
176 </p>
177 <pre>
178 commit 20c121c00747d6c3b0b0f98deeff021171b2ed74 / c83002a4f8042ccfa0688a9a18e8fa0369c1fda8
179 commit 68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 / 7d66bc7920240cc0e8df6c44b2d2cdbe4b228fbe
180 commit 9929991da7b843e7d80154fcacc4e80579b86a2d / cbe43e62c9ac7d4aefdc13476f6f691bd626525f
181 commit e74cd2f4706f71da5e9205003c1d8263b54ed3fb / 03847eb8259291b4ff1bd840bd779d0699d71f96
182 </pre>
183
184 <h3>1.0.1</h3>
185 <p>
186 Fixes following vulnerabilities:
187 </p>
188 <pre>
189 CVE-2013-0859, 0b9be54e97fa574867d5e99a3623d1db7df7b274 / 6d1c5ea04af3e345232aa70c944de961061dab2d
190 CVE-2013-0857, 112d4c400f0e0d5d1621fc8db515907cffaae259 / 2fbb37b51bbea891392ad357baf8f3dff00bac05
191 CVE-2013-0856, e0884eadf6a15e93142131b695f48776f9a0ac31 / fd4f4923cce6a2cbf4f48640b4ac706e614a1594
192 CVE-2013-0855, c8c9740ee1ea4a4f857a24b1ce05dcd07b72ec2d / 3920d1387834e2bc334aff9f518f4beb24e470bd
193 CVE-2013-0853, c51c5f83c13b0fa3e332e59bf764fdc598476b2e / be818df547c3b0ae4fadb50fd210139a8636706a
194 CVE-2013-0852, 28bf685bfc6d0c744369cdf367f61a78d80d0b01 / c0d68be555f5858703383040e04fcd6529777061
195 CVE-2013-0851, c8833a13cf530fbf5b1d579cd1ae527a0904403f / 63ac64864c6e0e84355aa3caa5b92208997a9a8d
196 CVE-2013-0850, c82d6e05da0898c45ae915fb808e175f6a4ec7e5 / d6c184880ee2e09fd68c0ae217173832cee5afc1
197 CVE-2013-0849, 38e8f78c041bd28f5b8d32f2fd945eae8ce28598 / 3ae610451170cd5a28b33950006ff0bd23036845
198 CVE-2013-0848, 74241de7ed501a34e7dfe291eed3339ca7b50755 / 6abb9a901fca27da14d4fffbb01948288b5da3ba
199 CVE-2013-0846, e34369e8ece08b7bd820366dea5965f4c40c0080 / a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
200 </pre>
201
202 <h2>FFmpeg 0.11</h2>
203
204 <h3>0.11.4</h3>
205 <p>
206 Fixes following vulnerabilities:
207 </p>
208 <pre>
209 CVE-2013-0869, 1934bb75361e7859873c6bf94ee1ceb17981c550 / 695af8eed642ff0104834495652d1ee784a4c14d
210 CVE-2013-4358, 39ed5442620a7a0fd2328b7d4aefc6ae152c5441 / b9d887c225466576ae80ef7f2b109e866ff137b2
211 </pre>
212
213 <h3>0.11</h3>
214 <p>
215 Fixes following vulnerabilities:
216 </p>
217 <pre>
218 CVE-2012-2772, cb7190cd2c691fd93e4d3664f3fce6c19ee001dd
219 CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f
220 CVE-2012-2775, 9d3032b960ae03066c008d6e6774f68b17a1d69d
221 CVE-2012-2776, ba775a54bc2136ec5da85385a923b05ee6fab159
222 CVE-2012-2777, 25715064c2ef4978672a91f8c856f3e8809a7c45
223 CVE-2012-2779, 229e4c133287955d5f3f837520a3602709b21950
224 CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7
225 CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998
226 CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081
227                d462949974668ffb013467d12dc4934b9106fe19
228 CVE-2012-2786, d1c95d2ce39560e251fdb14f4af91b04fd7b845c
229 CVE-2012-2787, 01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920
230 CVE-2012-2788, c41ac870470c614185e1752c11f892809022248a
231 CVE-2012-2789, 97a5addfcf0029d0f5538ed70cb38cae4108a618
232 CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6
233 CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389
234 CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8
235 CVE-2012-2793, 83c7803f55b3231faeb93c1a634399a70fae9480
236 CVE-2012-2794, 5ad7335ebac2b38bb2a1c8df51a500b78461c05a
237 CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3
238                2a7063de547b1d8fb1cef523469390fb59fb2c50
239                b3a43515827f3d22a881c33b87384f01c86786fd
240 CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23
241 CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e
242 CVE-2012-2798, 72b9537d8886f679494651df517dfed9b420cf1f
243 CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3
244 CVE-2012-2800, f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7
245 CVE-2012-2801, 1df49142bab1b7bccd11392aa9e819e297d21a6e
246 CVE-2012-2802, 2c22701c371c2f3dea21fcdbb97c981939fb77af
247 CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a
248 CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04
249 </pre>
250
251 <h2>FFmpeg 0.10</h2>
252
253 <h3>0.10.9</h3>
254 <p>
255 Fixes following vulnerabilities:
256 </p>
257 <pre>
258 CVE-2013-7009, ef8145270f4a91216b24b1552c73e7eda140c8b6 / 3819db745da2ac7fb3faacb116788c32f4753f34
259 CVE-2013-7010, a99aff4e4bbef8e64b51f267cd1769214e1b4e80 / 454a11a1c9c686c78aa97954306fb63453299760
260 CVE-2013-7014, 9300b1f64e5b85164e50d95dfed4a66452cb667e / 86736f59d6a527d8bc807d09b93f971c0fe0bb07
261 CVE-2013-7015, e288124394840f9e37e110afe47c737044372f89 / 880c73cd76109697447fbfbaa8e5ee5683309446
262 CVE-2013-7018, 1a311ad99a57ec3cd4f821f8a4c22973e2b4d740 / 9a271a9368eaabf99e6c2046103acb33957e63b7
263 CVE-2013-7023, 20854f9bffd2130b6b987c439c2b4002aa177dd0 / f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
264 </pre>
265
266 <h3>0.10.7</h3>
267 <p>
268 Fixes following vulnerabilities:
269 </p>
270 <pre>
271 CVE-2013-0868, b07c791252707c88f610daa668eae3ddc6fbccc7 / 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
272                ba4b57e8024a9635b4eaf7f3cc08837b065bd4c9 / f67a0d115254461649470452058fa3c28c0df294
273 c3d7c805bc9c1ed584e92649cd8fa8cbb7010967 / c83002a4f8042ccfa0688a9a18e8fa0369c1fda8
274 </pre>
275
276 <h3>0.10.6</h3>
277 <p>
278 Fixes following vulnerabilities:
279 </p>
280 <pre>
281 CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776,
282 CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800,
283 CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798,
284 CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790,
285 CVE-2012-2777, CVE-2012-2784
286 </pre>
287 <h3>0.10.3</h3>
288 <p>
289 Fixes following vulnerabilities:
290 </p>
291 <pre>
292 CVE-2012-0947, CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, CVE-2012-2780,
293 CVE-2012-2781, CVE-2012-2805,
294 </pre>
295 <h3>0.10</h3>
296 <p>
297 Fixes following vulnerabilities:
298 </p>
299 <pre>
300 CVE-2011-3929, CVE-2011-3934, CVE-2011-3935, CVE-2011-3936,
301 CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944,
302 CVE-2011-3945, CVE-2011-3946, CVE-2011-3947, CVE-2011-3949,
303 CVE-2011-3950, CVE-2011-3951, CVE-2011-3952
304 </pre>
305 <p>
306 and several others that do not have a CVE number.
307 Many of these issues can be exploited when a remote file is
308 played back and some are probable arbitrary code execution vulnerabilities.
309 </p>
310
311 <p>
312 FFmpeg 0.10 is unaffected by:
313 </p>
314 <pre>
315 CVE-2011-3930, CVE-2011-3931, CVE-2011-3932, CVE-2011-3933,
316 CVE-2011-3938, CVE-2011-3939, CVE-2011-3942, CVE-2011-3943,
317 CVE-2011-3948.
318 </pre>
319
320 <h2>FFmpeg 0.9</h2>
321 <h3>0.9.1</h3>
322 <p>
323 Fixes following vulnerabilities:
324 </p>
325 <pre>
326 CVE-2011-3893, CVE-2011-3895,
327
328 CVE-2012-0847 FFmpeg ae21776207e8a2bbe268e7c9e203f7599dd87ddb lavfi:
329 add missing check in avfilter_filter_samples()
330
331 CVE-2012-0848 FFmpeg 5257743aee0c3982f0079e6553aabc6aa39401d2 ws_snd1:
332 Fix wrong samples count and crash.
333
334 CVE-2012-0849 FFmpeg 1f99939a6361e2e6d6788494dd7c682b051c6c34 j2kdec:
335 Fix integer overflow leading to a segfault
336
337 CVE-2012-0850 FFmpeg 944f5b2779e4aa63f7624df6cd4de832a53db81b aacsbr:
338 Fix memory corruption.
339
340 CVE-2012-0851 FFmpeg 7fff64e00d886fde11d61958888c82b461cf99b9 h264:
341 check chroma_format_idc range.
342
343 CVE-2012-0852 FFmpeg 608708009f69ba4cecebf05120c696167494c897 adpcm:
344 Fix crash
345
346 CVE-2012-0853 FFmpeg 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 atrac3:
347 Fix crash in tonal component decoding.
348
349 CVE-2012-0854 FFmpeg 6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5
350 CODEC_ID_SOL_DPCM: Fix used write buffer.
351
352 CVE-2012-0855 FFmpeg 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 j2kdec:
353 Check curtileno for validity
354
355 CVE-2012-0856 FFmpeg 21270cffaeab2f67a613907516b2b0cd6c9eacf4 h263dec:
356 Fix regression / crash with lowres.
357
358 CVE-2012-0857 FFmpeg 282bb02839b1ce73963c8e3ee46804f1ade8b12a j2kdec:
359 Fix crash in get_qcx
360
361 CVE-2012-0858 FFmpeg 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c shorten:
362 Fix invalid free()
363
364 CVE-2012-0859 FFmpeg 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 vorbis:
365 Fix last quarter of CVE-2011-3893
366 </pre>
367 <p>and more security issues that
368 have no CVE number. Many of these issues can be exploited when a remote file is
369 played back and a few are probable arbitrary code execution vulnerabilities</p>
370
371
372 <h2>FFmpeg 0.8</h2>
373 <h3>0.8.11</h3>
374 <p>
375 Fixes following vulnerabilities:
376 </p>
377 <pre>
378 CVE-2012-0853, CVE-2012-0858, CVE-2011-3929, CVE-2011-3936,
379 CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947
380 Several security issues that dont have CVE numbers.
381 </pre>
382
383 <h3>0.8.10</h3>
384 <p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>
385
386 <h3>0.8.7</h3>
387 <p>Fixes CVE-2011-4352/NGS00145, CVE-2011-4579/NGS00148, CVE-2011-4351, NGS00144, CVE-2011-4353 among others</p>
388
389 <h3>0.8.6</h3>
390 <p>Fixes CVE-2011-3892 among others</p>
391
392 <h3>0.8.5</h3>
393 <p>Fixes CVE-2011-4364 among others</p>
394
395 <h2>FFmpeg 0.7</h2>
396 <h3>0.7.12</h3>
397 <p>
398 Fixes following vulnerabilities:
399 </p>
400 <pre>
401 CVE-2012-0853, CVE-2012-0858, CVE-2011-3929, CVE-2011-3936,
402 CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947
403 Several security issues that dont have CVE numbers.
404 </pre>
405
406 <h3>0.7.11</h3>
407 <p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>
408
409 <h3>0.7.8</h3>
410 <p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4351, CVE-2011-4353</p>
411
412 <h3>0.7.7</h3>
413 <p>Fixes CVE-2011-3892</p>
414
415 <h3>0.7.6</h3>
416 <p>Fixes CVE-2011-4364 among others</p>
417
418 <h2>FFmpeg 0.6</h2>
419 <h3>0.6.5</h3>
420 <p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>
421
422 <h3>0.6.4</h3>
423 <p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4353, CVE-2011-4351, CVE-2011-4364</p>
424
425 <h2>FFmpeg 0.5</h2>
426 <h3>0.5.8</h3>
427 <p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>
428
429 <h3>0.5.7</h3>
430 <p>CVE-2011-4353</p>
431
432 <h3>0.5.6</h3>
433 <p>Fixes CVE-2011-4579, CVE-2011-4351</p>
434
435 <h3>0.5.5</h3>
436 <p>Fixes CVE-2011-3504, CVE-2011-3362, CVE-2011-3973, CVE-2011-3974</p>
437
438 <h3>0.5.4</h3>
439 <p>Fixes CVE-2010-3908, CVE-2011-0722, CVE-2010-4704, CVE-2011-0480, CVE-2011-0723</p>