REDHAT-BUG-635775: Low severity FFmpeg FFmpeg vulnerability

Published Sep 20, 2010
·
Updated

oCERT reported a vulnerability that affects the flic video codec support in ffmpeg. Quoting:

"The MPlayer package [1] is vulnerable to an arbitrary offset dereference vulnerability, which could be exploited by malicious remote attacker. The vulnerability is caused by the MPlayer's flic codec (flicvideo.c) on 8 bits per pixel videos because the codec does not check received values. This could be exploited jumping to arbitrary code by opening a specially crafted file."

They were particularly concerned about the ffmpeg inclusion in mplayer. The affected file (flicvideo.c) is also present in libextractor as provided by Fedora 12. It looks as though the only thing using libextractor in Fedora is doodle (local search program, like Spotlight). This would mean a user would have to download a specially crafted file and store it locally, and be using doodle to index files. I don't know whether or not doodle would be problematic here, i.e. if it's just reading metadata it might not cause any problems at all.

Later versions of libextractor have removed the embedded ffmpeg sources.

Affected Software

4 affected components
FFmpeg FFmpeg
MPlayer MPlayer
fedora/libextractor
fedora/doodle

Event History

Sep 20, 2010
Data Sourced
05:01 PM
DescriptionSeverityAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of REDHAT-BUG-635775?

The vulnerability in REDHAT-BUG-635775 is considered critical as it allows for arbitrary offset dereference, potentially leading to exploitation by remote attackers.

2

How do I fix REDHAT-BUG-635775?

To fix REDHAT-BUG-635775, users should update the affected versions of FFmpeg, MPlayer, and libextractor to the latest patched versions.

3

What products are affected by REDHAT-BUG-635775?

The products affected by REDHAT-BUG-635775 include FFmpeg, MPlayer, and libextractor versions from 12 onwards.

4

Can REDHAT-BUG-635775 be exploited remotely?

Yes, REDHAT-BUG-635775 can be exploited by a malicious remote attacker using the vulnerable flic video codec support.

5

What does the vulnerability in REDHAT-BUG-635775 affect?

The vulnerability in REDHAT-BUG-635775 affects the flic video codec support in the MPlayer package.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203