FFmpeg contains a flaw that is triggered when an unspecified error occurs during the handling of certain Vorbis files. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the CVS/GIT repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

• CVE ID: 2012-0859 (see also: NVD)
• Secunia Advisory ID: 49621
• Vendor Specific Solution URL: http://gitorious.org/ffmpeg/ffmpeg/commit/6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2
• Mail List Post: http://www.openwall.com/lists/oss-security/2012/02/14/4
• Other Advisory URL: http://www.openwall.com/lists/oss-security/2012/02/14/4
• Vendor Specific News/Changelog Entry: http://www.ubuntu.com/usn/usn-1479-1/

• Not Available