flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an βarbitrary offset dereference vulnerability.β
git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b
secunia.com/advisories/41626
secunia.com/advisories/43323
www.debian.org/security/2011/dsa-2165
www.mandriva.com/security/advisories?name=MDVSA-2011:060
www.mandriva.com/security/advisories?name=MDVSA-2011:061
www.mandriva.com/security/advisories?name=MDVSA-2011:062
www.mandriva.com/security/advisories?name=MDVSA-2011:088
www.mandriva.com/security/advisories?name=MDVSA-2011:089
www.mandriva.com/security/advisories?name=MDVSA-2011:112
www.mandriva.com/security/advisories?name=MDVSA-2011:114
www.ocert.org/advisories/ocert-2010-004.html
www.openwall.com/lists/oss-security/2010/09/28/4
www.securityfocus.com/archive/1/514009/100/0/threaded
www.ubuntu.com/usn/usn-1104-1/
www.vupen.com/english/advisories/2010/2517
www.vupen.com/english/advisories/2010/2518
www.vupen.com/english/advisories/2011/1241
bugzilla.redhat.com/show_bug.cgi?id=635775