web: security: Use shorter 3rd level headings
[ffmpeg-web.git] / src / security
<h1>FFmpeg Security</h1>

<h2>FFmpeg 0.10</h2>
<h3>0.10</h3>
<p>
Fixes the following vulnerabilities:
</p>
<pre>
CVE-2011-3929, CVE-2011-3934, CVE-2011-3935, CVE-2011-3936,
CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944,
CVE-2011-3945, CVE-2011-3946, CVE-2011-3947, CVE-2011-3949,
CVE-2011-3950, CVE-2011-3951, CVE-2011-3952
</pre>
<p>
and several others that do not have a CVE number.
Many of these issues can be exploited when a remote file is
played back, and some are probable arbitrary code execution vulnerabilities.
</p>

<p>
FFmpeg 0.10 is unaffected by:
</p>
<pre>
CVE-2011-3930, CVE-2011-3931, CVE-2011-3932, CVE-2011-3933,
CVE-2011-3938, CVE-2011-3939, CVE-2011-3942, CVE-2011-3943,
CVE-2011-3948.
</pre>

<h2>FFmpeg 0.9</h2>
<h3>0.9.1</h3>
<p>
Fixes the following vulnerabilities:
</p>
<pre>
CVE-2011-3893, CVE-2011-3895,

CVE-2012-0847 FFmpeg ae21776207e8a2bbe268e7c9e203f7599dd87ddb lavfi:
add missing check in avfilter_filter_samples()

CVE-2012-0848 FFmpeg 5257743aee0c3982f0079e6553aabc6aa39401d2 ws_snd1:
Fix wrong samples count and crash.

CVE-2012-0849 FFmpeg 1f99939a6361e2e6d6788494dd7c682b051c6c34 j2kdec:
Fix integer overflow leading to a segfault

CVE-2012-0850 FFmpeg 944f5b2779e4aa63f7624df6cd4de832a53db81b aacsbr:
Fix memory corruption.

CVE-2012-0851 FFmpeg 7fff64e00d886fde11d61958888c82b461cf99b9 h264:
check chroma_format_idc range.

CVE-2012-0852 FFmpeg 608708009f69ba4cecebf05120c696167494c897 adpcm:
Fix crash

CVE-2012-0853 FFmpeg 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 atrac3:
Fix crash in tonal component decoding.

CVE-2012-0854 FFmpeg 6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5
CODEC_ID_SOL_DPCM: Fix used write buffer.

CVE-2012-0855 FFmpeg 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 j2kdec:
Check curtileno for validity

CVE-2012-0856 FFmpeg 21270cffaeab2f67a613907516b2b0cd6c9eacf4 h263dec:
Fix regression / crash with lowres.

CVE-2012-0857 FFmpeg 282bb02839b1ce73963c8e3ee46804f1ade8b12a j2kdec:
Fix crash in get_qcx

CVE-2012-0858 FFmpeg 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c shorten:
Fix invalid free()

CVE-2012-0859 FFmpeg 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 vorbis:
Fix last quarter of CVE-2011-3893
</pre>
<p>and more security issues that
have no CVE number. Many of these issues can be exploited when a remote file is
played back, and a few are probable arbitrary code execution vulnerabilities.</p>


<h2>FFmpeg 0.8</h2>
<h3>0.8.10</h3>
<p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>

<h3>0.8.7</h3>
<p>Fixes CVE-2011-4352/NGS00145, CVE-2011-4579/NGS00148, CVE-2011-4351, NGS00144, CVE-2011-4353 among others</p>

<h3>0.8.6</h3>
<p>Fixes CVE-2011-3892 among others</p>

<h3>0.8.5</h3>
<p>Fixes CVE-2011-4364 among others</p>

<h2>FFmpeg 0.7</h2>
<h3>0.7.11</h3>
<p>Fixes CVE-2011-3893 and CVE-2011-3895, and many more</p>

<h3>0.7.8</h3>
<p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4351, CVE-2011-4353</p>

<h3>0.7.7</h3>
<p>Fixes CVE-2011-3892</p>

<h3>0.7.6</h3>
<p>Fixes CVE-2011-4364 among others</p>

<h2>FFmpeg 0.6</h2>
<h3>0.6.5</h3>
<p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>

<h3>0.6.4</h3>
<p>Fixes CVE-2011-4352, CVE-2011-4579, CVE-2011-4353, CVE-2011-4351, CVE-2011-4364</p>

<h2>FFmpeg 0.5</h2>
<h3>0.5.8</h3>
<p>Fixes CVE-2011-3892, CVE-2011-3893, CVE-2011-3895</p>

<h3>0.5.7</h3>
<p>Fixes CVE-2011-4353</p>

<h3>0.5.6</h3>
<p>Fixes CVE-2011-4579, CVE-2011-4351</p>

<h3>0.5.5</h3>
<p>Fixes CVE-2011-3504, CVE-2011-3362, CVE-2011-3973, CVE-2011-3974</p>

<h3>0.5.4</h3>
<p>Fixes CVE-2010-3908, CVE-2011-0722, CVE-2010-4704, CVE-2011-0480, CVE-2011-0723</p>